{"Doc.Dropper.Valyria-10001412-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": []}, {"bi": "vba-document-open", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "document-single-page", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": []}, {"bi": "document-contains-vba-macro", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0002", "TA0001", "T1559", "T1566"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "document-embedded-low-content", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": []}, {"bi": "document-exe-dropped", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0002", "T1559"]}, {"bi": "document-launch-utility", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "cmd-exe-file-execution", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "document-decoy-dropped", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": []}, {"bi": "process-ping", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "document-password-protected", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "document-launch-rundll32", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-fast-flux-domain", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": []}, {"bi": "document-network-traffic", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0011"]}, {"bi": "document-min-and-embedded-network-traffic", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": []}, {"bi": "word-document-heuristics-compound", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0001", "TA0002", "T1566", "T1059"]}, {"bi": "feed-domain-document-network-traffic", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "document-public-iplookup", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": []}, {"bi": "domain-enumeration-detected", "hashes": ["8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d"], "mitre_attack_tags": ["TA0007", "T1482", "T1018", "T1016"]}, {"bi": "network-opendns-malicious", "hashes": ["1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b"], "mitre_attack_tags": []}, {"bi": "network-dns-doc-network-traffic", "hashes": ["1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b"], "mitre_attack_tags": []}, {"bi": "feed-public-ip-check-dns", "hashes": ["1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Valyria is a malicious Microsoft Word document family that is used to distribute other malware, such as Emotet.", "hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "iocs": {"domain": [{"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "host": "api[.]ipify[.]org"}, {"hashes": ["1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "host": "templogio[.]com"}, {"hashes": ["1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "host": "johommeract[.]ru"}, {"hashes": ["1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "host": "amesibiquand[.]ru"}], "file": [{"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "path": "%TEMP%\\if.bin"}, {"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "path": "%TEMP%\\if.bin:Zone.Identifier"}, {"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "path": "%TEMP%\\zoro.kl"}, {"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "path": "%TEMP%\\zoro.kl:Zone.Identifier"}, {"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "path": "%APPDATA%\\Microsoft\\Templates\\~WRD0000.tmp\\:Zone.Identifier:$DATA"}, {"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "path": "%APPDATA%\\microsoft\\templates\\~$zoro.doc"}, {"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "path": "%APPDATA%\\microsoft\\templates\\~WRD0000.tmp"}], "ip": [{"hashes": ["1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd"], "ip": "104[.]237[.]62[.]211"}, {"hashes": ["59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577"], "ip": "64[.]185[.]227[.]155"}, {"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "ip": "173[.]231[.]16[.]77"}], "mutex": [{"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "name": "Local\\10MU_ACB10_S-1-5-5-0-67863"}, {"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "name": "Local\\10MU_ACBPIDS_S-1-5-5-0-67863"}, {"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "name": "Local\\WinSpl64To32Mutex_10960_0_3000"}, {"hashes": ["04ece234e8e543a378b27b440c3bfd4b8b5dffdc65f8b5048d625cda9fd6aa25", "1330a9b1b83a5956ebb74c44a84673a35c1e84a078911e6de6b9a85f8fd80823", "1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f", "59a9d01ae23d1b0632f44d5720265c27a14d24c92d413edf39153d998e6269ec", "5adb541c551814e964482b45644033ea1c4ad4830d0384047a6906bbb86ac243", "5f4e57986604f7caf6831a25d3b53542d2665dedc0fedb8fc59dd72a914b0963", "87ac85417295fde5f181265ebfa8028df41abfa17c7d8f5ab4794dab37af8575", "8d0486539dacdf2201a32ac6090ec628139185c19099a010a3027bf6b6611fcd", "a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b", "ae4b72f4a31cfee6f08af42333d5bfb1a2500249e8446a2e9fe4fa7e55ec0821", "b062dd8f8c46cb010cf562145e9a2836f5625f41af329e87ca2bbdc2fd05435d", "bcdcf1ec9bf276c3e6ea441e64ff91fe836857fc49c0c97b672adc0a64aa6873", "c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577", "cf4adca8773145cf0a1d4ba32d555643442e14e9181ae8450bfb79ab86144914"], "name": "Local\\MU_IMDS10_S-1-5-5-0-67863"}], "registry": []}, "reports_count": 14}, "Win.Downloader.Upatre-10001445-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-sandbox", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "memory-execute-readwrite", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": []}, {"bi": "malware-upatre-detected", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-no-dos", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": []}, {"bi": "pe-packed-mpress", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88"], "mitre_attack_tags": []}], "category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "613926d444245bf53e0b1c0cc2d6bacd7c07088fd5f95107a4f0a12e1a2d66c9", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92", "6c6b2c5694650d2a0c277cce0e4ad65d7aa35f3775a1ee2b40c2872f19b93af4", "6d647fea21f46f786e5c17f533119560e876d6691f5adbd095747ef6e6be4c8a", "78da9a0e6f013d8f634da13744bbdcf6cded55bbf8857b591ebbe149955d35cc", "7935f074888e93dc9477b8a79189bf6041f1a7b13ab6edfededfae6dcd2f7b13", "7d81918ab1ed86ac214d30aa5d3d23ea104f6d909f3e6523b2b89ccbe6510649", "7e390e37619cf6bef08be26993a2efdff6eebda2ae6664f96e64bc79263ac3e1", "7f7d186f6301dda3f63d1b90e5083f571bbca6fb2a928b0c2d222f21974df0dd", "7fb780a0e79558fedfe0c66f6cbbc6c01bec447e72ade99718d2828b98501971", "8379f712fd517ee571a2b2ea4be306bbc3238964cac1866855f671820bb6dcce", "847fe10f7c414df98e91faf445e4831cd891da7f58e2ac1acf3286fa52e27ab5", "85441c41deec41c2aae2e35fb8e87b4fb7298cd914760a0f387c04403213c120", "85c3e17f0f8c24539cef5a9164c34a0e908e35fca96db7ab7971650d81309405", "868208aaf14ec1e08d4fe1e57488b8d9240234cc90ba981a015cd34dc76dba5b", "99e50e09fd8860c60717a409d5b34163ac87c4bf0d12d84067513cf2fd6284dd", "a49cec1a88316184224bc32f6b4965aac245751e4a22d55b9c08748123f970c0", "a6789d1010c3d916ddcd787982bc7f2c54797dd3fadccf35df376704fb9f71b6", "ae63cce0b5a3051a54d2ea80266cb8432a3e36beb2e2ee85e8aa83bd68537026", "b4c39fab938569e72e6b83d9440e07c1f787364cc4e8560026677dac3c362642", "b7293c69b8326cfab998946cfd97f88fe40d70b70115dd87b0e17a02cc3b30a2", "b8c80e688a4bfebe2220cf6f6b309f04982c05572e9f9514a51867cd82f572b7", "bd381f395e8d545870599baf09af52b39080c8cb5bcb9ea89f38743792ce4570", "bea8e2fe0fc0270a4deb3f2f359f397e2fe5a54ad85bc5ea8f925322d280b7ce", "c0168de42c0bbc3cf9e8716bbb85ecf503488fdee9327c8f7b077b08d05ff5a9", "c062957642475f0fd5b805505b931faafee9f046f53a6bac04f45cb94cc688cf", "c0e57aee46ace347e2d925273a87b4faa907073266b920cf011a0650b9736b3f", "c80326b34d0f493c21e6914a575060d423ab7c4edec3d555e1dbe933e94a957e", "ca8a97a3a603306fe205b86e5c4e1193c794b07f62418a266ef0ff83f95985b6", "db3735199a4e4bd139282b8cdb216a620e620d6c4bb9d904ee759a7bf00770be", "e2508508de79bebf063dc4d47e028ad06fc277f7a0a6e6daa202b494fa9a5712", "e59400c4e66282a10b7695bc0210fa134e1ff5cdf5b595b576b1d0b06c0531bf", "ea40450a812834a52aec226193ae54d262123eabc6b131b3d1f83e5973f887b8", "efc32d2d2e9f6e2b0b3ed795a52c336071cb05db6f59355dc346737a65794e17", "f2dfdc37a92187fa6625400cfcd9b23556f22373f045316f3e5aaec4a6ab8c4f", "f3707c069424f8393912a19b2e0926566f04107d0e50a6852fe3cee5b85d7291", "f47a2205d4823cf09f7960578c329276c0784eb5dbcd2579f3bcf9c22b2b70bc", "f84f608c0c84834efbf1a108439927e197724e4f8bde428f9e0530bed35eafe0", "f85e36c4d78f277f6d05773731b4453939caf9a4ef2b35fcb8af4c2fd965f250", "f9c496f9bd9f3c3e2f381724ee38b990207f6e0a46f3382973e1fce8ea28214c", "fce2b2fe6c9dcceb30af37980144cddfd9f0b32994da7e1601c51771e31ad72d", "fd8172e22e188e6a823f40854143fe751643af7d33366c82e2baec5a437602f9"], "iocs": {"domain": [{"hashes": ["0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92"], "host": "groupesorepco[.]com"}, {"hashes": ["0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92"], "host": "bulkbacklinks[.]com"}], "file": [{"hashes": ["0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92"], "path": "%TEMP%\\hummy.exe"}], "ip": [{"hashes": ["0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92"], "ip": "51[.]222[.]30[.]164"}], "mutex": [], "registry": [{"hashes": ["0323edc8d532da1aefe5766303a1e4aebeaab1659add9a74a07139bac4d49e21", "061783c38fa569ec6943032cd3e89adf46b85058ffce04568bc73de9afb837e4", "0a762357e7fd4205bffb69d21b994d1d7904f2e3036df78a68f001ea275874b9", "0cac5a7b8060ca7d072ef200ebe114e79db226c0c77b23a5bfdad6367ea66286", "0fe6a1a25bc5f8e635ec6858e70a858d8ada70e4c756ce7ead552f9356f1bac1", "10a891e850d4aa2cd19cd91667e4aa71a3f5c695c5768eaca0de9b7447af40fe", "119b4aada3e4c30184918106a31fdf69f9761311feaf60911835e36ec45be4d8", "138cff7ae6280470a0c46263b1c66ff095534dd2fdd55c205790601b35344de3", "28f6b3ddad4f5eac964b447a327c65da4ebc78aab3a77ab771b4cec0a831e3d4", "2d92e70ea5454c62b44dd8e103937a7247d8bdc568f781c4b34a6bcc98a05e6d", "30812a0a04339fb52e41985b348535455af8d3b6b7f0323f26879d61a1eff7fb", "34bda506acb7ec2bcf103e8ba957b62bd801bb0a7c51d15953088a5ff0e25934", "35cae9bfee37620eed0623fd3c451b6420bac82066b97392ba4dc1e012e3a2b9", "36444340684422c57a04de89af9d8ce31014ade3aff049f2f909537efe7f65a5", "37b5372bfd492c9541d1ddfcb4fd18aa73d4e2afe10c4c94a61b62b59cb41bbc", "3b14a24946a12d98d5ed001ff5ae0a1a4503e1a142a0aa013e4bdf164fe215ac", "4537b602ee160ee2e1e6881c43fc89b4805d67e50cd052aa602beb022e85217d", "48db71773aa5c9f3adad407f2fb053be71a589ddde373cd4d34a0dddbe8a568a", "4f73987d7bc3fba50f4b5bfc1d5c04e066b2a61297872c1fe3f5241ae8b867bb", "537ece66bbcc609d5878b3f39a0c5b9dbbe654fe8844991462ea06f00670be88", "5a5deb3033c8335e05ea29369a24adf6292254ca61a13bfbb4dbf5dcd33aa97d", "5d69cea5ff1f6d0c9543f94f4a08d474822bbd462f3bd946b87482fb50635648", "5e0ff03ec2782cdc0d47d71fd5921b585578a6727c6f5d8672a66eaaa1749f7c", "5eb916933bdc0557ab1f18f0779085afce4c9099525e719447b530b72cd17389", "6064e1b64a1cdad71b8b2ba1b8f6ee644ee9305d8baf9735a63c5af65233a579", "63d95a325619505dee4d4d9624f646dbd997d6a44ebb8f43879ed9b16297badc", "6417bb2deb70e6e0c898efb20840d85554085ec57f92d723d14558fc94845c7b", "663f34cd0ac6e56d3d5432a05f2ac363000cfec7c6b8ae3091956b43176cc514", "666580d6a329d280d4cbef7205804f10ebc77fb7ba0b14b4d2bd405ce25b4c92"], "key": "<HKCR>\\LOCAL SETTINGS\\MUICACHE\\82\\52C64B7E", "value_name": "LanguageList"}]}, "reports_count": 29}, "Win.Dropper.Glupteba-10001476-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "enumeration-browser-information", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "listening-port-opened", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "artifact-windows-task", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "windows-util-schtask", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "potential-registry-persistence", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0003"]}, {"bi": "cmd-exe-file-execution", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-vm", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "modified-file-in-system-dir", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "pe-imports-empty", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "excessive-process-creates", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "pe-certificate", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "netsh-firewall-generic", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-virtualbox", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "registry-service-type-modified", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "bcdedit-disable-recovery", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "pe-header-subsystem", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "enumeration-bcdedit", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-bcdedit", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "tor-process-execution-detected", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0011"]}, {"bi": "process-check-vmware", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "sc-service-security-descriptor-modified", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-security-descriptor-deny", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-query-txt", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "network-discord-domain-detected", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "dns-query-stun", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "mitre_attack_tags": []}, {"bi": "embedded-pe-resource2", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-system-dir", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-opendns-malicious", "hashes": ["b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "pe-imports-exe", "hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "pe-filename-mismatch", "hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-null", "hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av-signed", "hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-paragraphs", "hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialsp", "hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-relocations", "hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-domain-tor", "hashes": ["b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0011", "T1573"]}, {"bi": "dns-query-nxdomain", "hashes": ["b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc"], "mitre_attack_tags": []}, {"bi": "localhost-ipaddress-detected", "hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "file-pending-delete", "hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f"], "mitre_attack_tags": []}, {"bi": "dns-punycode-domain-detected", "hashes": ["f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "mitre_attack_tags": ["TA0011", "TA0005", "T1132", "T1027"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Glupteba is a multi-purpose trojan that is known to use the infected machine to mine cryptocurrency and steals sensitive information like usernames and passwords, spreads over the network using exploits like EternalBlue, and leverages a rootkit component to remain hidden. Glupteba has also been observed using the Bitcoin blockchain to store configuration information.", "hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "iocs": {"domain": [{"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "host": "msdl[.]microsoft[.]com"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "host": "vsblobprodscussu5shard35[.]blob[.]core[.]windows[.]net"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "host": "vsblobprodscussu5shard60[.]blob[.]core[.]windows[.]net"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "host": "cdn[.]discordapp[.]com"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "host": "twopixis[.]com"}, {"hashes": ["74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e"], "host": "stun[.]ipfire[.]org"}, {"hashes": ["a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]mastiakele[.]icu"}, {"hashes": ["5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "host": "stun[.]l[.]google[.]com"}, {"hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "host": "stun3[.]l[.]google[.]com"}, {"hashes": ["5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]zaoshanghaoz[.]net"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "host": "stun[.]stunprotocol[.]org"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "host": "stun1[.]l[.]google[.]com"}, {"hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec"], "host": "stun2[.]l[.]google[.]com"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f"], "host": "stun4[.]l[.]google[.]com"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]mastiakele[.]xyz"}, {"hashes": ["5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5"], "host": "stun[.]sipgate[.]net"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea"], "host": "server2[.]mastiakele[.]xyz"}, {"hashes": ["a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "host": "server13[.]mastiakele[.]icu"}, {"hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]cdneurops[.]shop"}, {"hashes": ["2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]zaoshanghao[.]su"}, {"hashes": ["5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0"], "host": "server4[.]cdneurops[.]pics"}, {"hashes": ["8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195"], "host": "server15[.]zaoshanghaoz[.]net"}, {"hashes": ["f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "host": "server13[.]xn--j1ahhq[.]xn--p1ai"}, {"hashes": ["dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899"], "host": "server14[.]zaoshanghaoz[.]net"}, {"hashes": ["cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e"], "host": "server2[.]zaoshang[.]moscow"}, {"hashes": ["f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83"], "host": "server12[.]mastiakele[.]icu"}, {"hashes": ["b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5"], "host": "server6[.]mastiakele[.]cyou"}, {"hashes": ["dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "host": "server1[.]zaoshanghaoz[.]net"}, {"hashes": ["c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f"], "host": "server3[.]mastiakele[.]icu"}, {"hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b"], "host": "server1[.]cdneurops[.]shop"}, {"hashes": ["74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44"], "host": "server15[.]mastiakele[.]xyz"}, {"hashes": ["f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]\\xd0\\xbe\\xd0\\xba\\xd1\\x80\\xd1\\x84[.]\\xd1\\x80\\xd1\\x84"}, {"hashes": ["5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]cdneurops[.]pics"}, {"hashes": ["cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]zaoshang[.]moscow"}, {"hashes": ["b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]mastiakele[.]cyou"}, {"hashes": ["2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c"], "host": "server13[.]zaoshanghao[.]su"}, {"hashes": ["9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0"], "host": "server14[.]cdneurops[.]health"}, {"hashes": ["5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5"], "host": "server2[.]zaoshanghaoz[.]net"}, {"hashes": ["c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6"], "host": "server8[.]mastiakele[.]icu"}, {"hashes": ["eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "host": "server1[.]cdneurop[.]cloud"}, {"hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3"], "host": "server9[.]cdneurops[.]shop"}, {"hashes": ["9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]cdneurops[.]health"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570"], "host": "server6[.]mastiakele[.]ae[.]org"}, {"hashes": ["81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25"], "host": "server6[.]zaoshanghao[.]su"}, {"hashes": ["cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec"], "host": "server13[.]zaoshang[.]ru"}, {"hashes": ["eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]cdneurop[.]cloud"}, {"hashes": ["cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]zaoshang[.]ru"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]mastiakele[.]ae[.]org"}], "file": [{"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\dsefix.exe"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\Symbols"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02\\download.error"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\Symbols\\pingme.txt"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\Symbols\\winload_prod.pdb"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361\\download.error"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\ntkrnlmp.exe"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\osloader.exe"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\injector"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\injector\\NtQuerySystemInformationHook.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\injector\\injector.exe"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\cached-certs.tmp"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\cached-microdesc-consensus.tmp"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\keys"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\lock"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\state.tmp"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\unverified-microdesc-consensus.tmp"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\log.txt"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Data"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Data\\Tor"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Data\\Tor\\geoip"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Data\\Tor\\geoip6"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\libcrypto-1_1.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\libevent-2-1-7.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\libevent_core-2-1-7.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\libevent_extra-2-1-7.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\libgcc_s_dw2-1.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\libssl-1_1.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\libssp-0.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\libwinpthread-1.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\tor-gencert.exe"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\tor.exe"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\zlib1.dll"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\torrc"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "path": "%TEMP%\\csrss\\tor\\Tor\\cached-microdescs.new"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "path": "%SystemRoot%\\windefender.exe"}], "ip": [{"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "ip": "20[.]60[.]148[.]196"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "ip": "20[.]209[.]34[.]36"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "ip": "185[.]82[.]216[.]48/31"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "ip": "172[.]67[.]168[.]112"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e"], "ip": "104[.]21[.]54[.]103"}, {"hashes": ["2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83"], "ip": "162[.]159[.]135[.]233"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899"], "ip": "162[.]159[.]133[.]233"}, {"hashes": ["8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "ip": "162[.]159[.]130[.]233"}, {"hashes": ["74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e"], "ip": "81[.]3[.]27[.]44"}, {"hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "ip": "185[.]82[.]216[.]64"}, {"hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "ip": "162[.]159[.]129[.]233"}, {"hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532"], "ip": "172[.]253[.]120[.]127"}, {"hashes": ["5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "ip": "142[.]250[.]111[.]127"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "ip": "142[.]250[.]15[.]127"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f"], "ip": "74[.]125[.]128[.]127"}, {"hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec"], "ip": "108[.]177[.]102[.]127"}, {"hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195"], "ip": "51[.]159[.]136[.]111"}, {"hashes": ["c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899"], "ip": "188[.]138[.]33[.]149"}, {"hashes": ["a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e"], "ip": "193[.]0[.]213[.]42"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44"], "ip": "94[.]100[.]6[.]27"}, {"hashes": ["dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "ip": "162[.]159[.]134[.]233"}, {"hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4"], "ip": "192[.]99[.]43[.]171"}, {"hashes": ["a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec"], "ip": "162[.]55[.]91[.]19"}, {"hashes": ["5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "ip": "157[.]90[.]183[.]103"}, {"hashes": ["c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e"], "ip": "92[.]243[.]0[.]179"}, {"hashes": ["56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec"], "ip": "37[.]187[.]20[.]164"}, {"hashes": ["5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5"], "ip": "217[.]10[.]68[.]152"}, {"hashes": ["8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0"], "ip": "109[.]202[.]205[.]68"}, {"hashes": ["81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f"], "ip": "85[.]214[.]18[.]225"}, {"hashes": ["8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83"], "ip": "185[.]220[.]101[.]228"}, {"hashes": ["9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649"], "ip": "185[.]100[.]87[.]192"}, {"hashes": ["2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83"], "ip": "179[.]43[.]146[.]230"}, {"hashes": ["08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3"], "ip": "162[.]251[.]119[.]10"}, {"hashes": ["2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c"], "ip": "89[.]39[.]104[.]175"}, {"hashes": ["c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6"], "ip": "89[.]191[.]217[.]1"}, {"hashes": ["cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec"], "ip": "185[.]220[.]101[.]4"}, {"hashes": ["c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6"], "ip": "23[.]129[.]64[.]177"}, {"hashes": ["cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec"], "ip": "100[.]2[.]45[.]164"}, {"hashes": ["81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25"], "ip": "193[.]110[.]95[.]34"}, {"hashes": ["81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25"], "ip": "94[.]211[.]220[.]163"}, {"hashes": ["81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25"], "ip": "171[.]25[.]193[.]235"}, {"hashes": ["81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25"], "ip": "135[.]148[.]54[.]106"}, {"hashes": ["81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25"], "ip": "77[.]73[.]69[.]128"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570"], "ip": "185[.]82[.]216[.]50"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570"], "ip": "23[.]106[.]120[.]42"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570"], "ip": "77[.]232[.]149[.]26"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570"], "ip": "67[.]219[.]182[.]195"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570"], "ip": "167[.]235[.]156[.]220"}, {"hashes": ["28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570"], "ip": "108[.]172[.]42[.]214"}], "mutex": [{"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "name": "Global\\SetupLog"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "name": "Global\\WdsSetupLogInit"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "name": "WininetConnectionMutex"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "name": "Global\\qtxp9g8w"}, {"hashes": ["2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83"], "name": "Global\\xmrigMUTEX31337"}], "registry": [{"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "WOW64"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ObjectName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "Type"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "Start"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ErrorControl"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ImagePath"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "DisplayName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "WOW64"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ObjectName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "Type"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "Start"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ErrorControl"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ImagePath"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "DisplayName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "WOW64"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ObjectName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "Type"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "Start"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ErrorControl"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ImagePath"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "DisplayName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "WOW64"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ObjectName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "Type"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "Start"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ErrorControl"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ImagePath"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "DisplayName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "WOW64"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ObjectName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "csrss"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIPRVSE", "value_name": null}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIPRVSE", "value_name": "Type"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIPRVSE", "value_name": "Start"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIPRVSE", "value_name": "ErrorControl"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIPRVSE", "value_name": "ImagePath"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIPRVSE", "value_name": "DisplayName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIPRVSE", "value_name": "WOW64"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIPRVSE", "value_name": "ObjectName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIPRVSE\\SECURITY", "value_name": null}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WMIPRVSE\\SECURITY", "value_name": "Security"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INSTALLKEY", "value_name": null}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": null}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "DisplayName"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "Publisher"}, {"hashes": ["071b33b943aac7e83b9534293b6f1972222a5afdcb999592f9e790b5ba57f521", "08003c380d1819ccc5e873f60951d79372ffd2b3796251e988dafae9c70427a3", "2437108d3504ad5ceeb7d274cad347762bf30bb5c17c4a8fa1f4222819443d1c", "28876d2e47d69866f632c84b6b636d778a2e7b1713953400743d166bf139b570", "56d685cb54f89d8d9db25793565e9381d290836d202fe0bff795c1671592306b", "5bac4d0210a77cd7d329b5a3755ffff5bc99eb64c2dcd9c7d07768fc06a22bf0", "5f63d5bb5153ce469c558a3ab7d4400364538dcb9a9778373beb8a4cfa479dd5", "74f2ebd1054d1da087fbbfa3e9bf179b596b7b6054a12a55266e06deea5f2d44", "786d44033834713cfccdc5b64ea4b0d6994cee31c39656a517eba77379cb80ea", "81b636167f8d4b1b3f53b7de2cc2ba3452dd292cfe2848934e31aca62a389d25", "8506dce2e894bf764b5f3a3f1e31a5417cec38b9d341ad95f3fba31c76774195", "9087940ad07100e45ed7bb0cbc65d4f95ce396302a73c2464b39b9781e937ce0", "a7b70a33159339131b1988befefefc61b43234769fa3016e54bc88dc6c4597bc", "b95d39e3a37f70aa9f4a755f919ae58692b575811d4a66859dc15f49d6f39cc5", "c2905fa662b31dc9409849b05a79a183330102a0de333db6b22c7e581bc385f6", "c9fda7212f9772ec3f2a48d4221de27d7aed46c8f2feaf31c526212027cb2b0f", "cd0220e3d48cd61ed5c802f3808c860b2d6e518ef0114c9a32ea9418cb6e0aec", "cf33241ede6bb57890ad95293b9b04e183156d1d1bd44f6409007a74b461c25e", "dcb3ff440482062b597f384763466e432e7548753419dbd9099f2b2c87894899", "dcfffa036aa6b63672055b26d5c318ebeae94ec1870cf33b8928a7e5f72da649", "eed1582389bfbba92eaf222a033f525f073362c6bb68b3973ad5ddfc31c3b4d4", "f11f94d98dbd6b48af597e3d6461dfb2d9cd1e4bc565f9e726a7350e2244ba83", "f427bca7295f908f9c03656decabaa0c0e383a3e0adfca81b800ed2fb1265532", "fd726415da878f03c5faa72b3527b0d519b59adc86ff32a5c0685bde75fe55e5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "UninstallString"}]}, "reports_count": 24}, "Win.Dropper.Kuluoz-10001444-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-resource-lang-russian", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-kuluoz-mutex", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "mitre_attack_tags": []}, {"bi": "created-executable-sample-appdata", "hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kuluoz, sometimes known as \"Asprox,\" is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.", "hashes": ["00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "7c83e8f4be105c0c035a1a39dd55f63ba823b189e3eaa28d1459cdadc5afa392", "7fc63735b6515e8055c84987feaeda323b972f5ea2f1f4a328544f39fc8d3b4c", "825b2f48d505ae19fd87607a6cfcec4072d5d8f5d488f491f65b1edab63949e2", "829cab9dee3297824fa830aab6377a4fb0fafb950f5cbe88f7e3e9553fca0475", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "a3632ed7207e354ebaaa62865e869fd1bc05e136d5b85a94e5795dfe134c1b87", "a3c76a8440f00b4077954cd3f051f83bc57bd0c4ff08cf0441873333143828f4", "aa5b4af3dd18142f6de8b71a80378f196f7fefddd07a5751d505435790fc34ad", "ace25951a34120bdb4973eddeadfe3e374c2a7ff291e79ad010806ad7a729724", "bee5cb36dc1c86c341852c356d93576c88f5b4e101f2dcf450b871f08f5f3ab9", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "c396207ed4a33e0e88e503e74f5f365a9c43bac97fb5367c57f4a36eb9d0854c", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c", "dbc99ad6b5258a22770ad5f8161113bc79bbf97c98d88cef6d9e0f39b405fd23", "e276736b3573270292e33305a47833b8a678a5477786fa3a568d72ab71284893", "e398a805cc831a83b76698d2d7082f8ef880f1622472a2db62adca8a8031fdb0", "e66f291c1bca0d407c94ab33057823a0edddc64e7fddc4151882a356264a0b1f", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a", "ed8a0c6df4c10269146532615b3373beb4056119381eb48ee7005561e731d078", "fce028a3af8e5408ab349eddeee9272e685966188a1248e699c680276542543e"], "iocs": {"domain": [], "file": [{"hashes": ["00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a"], "path": "%LOCALAPPDATA%\\<random, matching '[a-z]{8}'>.exe"}], "ip": [{"hashes": ["00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f"], "ip": "110[.]170[.]30[.]195"}, {"hashes": ["034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "ip": "199[.]59[.]57[.]142"}, {"hashes": ["18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "ip": "162[.]13[.]189[.]52"}, {"hashes": ["034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a"], "ip": "193[.]46[.]84[.]84"}, {"hashes": ["0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a"], "ip": "107[.]170[.]221[.]187"}, {"hashes": ["06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "ip": "23[.]227[.]182[.]207"}, {"hashes": ["00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f"], "ip": "173[.]199[.]182[.]152"}, {"hashes": ["00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a"], "ip": "212[.]129[.]21[.]210"}, {"hashes": ["034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a"], "ip": "158[.]255[.]238[.]9"}], "mutex": [{"hashes": ["00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a"], "name": "aaAdministrator"}, {"hashes": ["00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a"], "name": "abAdministrator"}, {"hashes": ["1c0644456cc0aa070ee81eb08163f46a7a74585857e9d818736e163e36fc6d4a", "1e3952115d2c916f845d10914bcec73daa539e6ed9a1d404122ccb7315cc0d53", "22b2f7a50c3abd93ff453f1670aa9f135227e971c2baf11e36f8dc69e84d4e56", "388da6758e0411034e5c294709dab82dab9f9985d21326c615eac557087965fe", "5873b9c7431e18d1ab7f0b453240c4cba36ccac6a9628e536eb4d391d8494437", "62fac7e247c1362ccf340119f1baa8e4ff6aece558bba7b6ba2995397bff2b1f", "6f6d8ae4d2731a6ed1edee55880235c7d102900da1cb986db6c76bc0d157f9dc", "c32c7dea0171e371fe8bee11236db6827a02138982ec59e25cbbcb736013e9d4", "c4d25ce3401e7bf2e0ebfdd318a3823c28b28c1443a73fbc21e2b9df30d97b6c"], "name": "Global\\<random guid>"}], "registry": [{"hashes": ["00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7", "034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351", "06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242", "18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe", "1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032", "23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3", "28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372", "33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da", "3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69", "46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536", "559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e", "561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092", "568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c", "5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f", "62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876", "730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d", "74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e", "7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70", "940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f", "9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5", "e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a"], "key": "<HKCU>\\SOFTWARE\\<random, matching '[a-zA-Z0-9]{5,9}'>", "value_name": null}, {"hashes": ["06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69"], "key": "<HKCU>\\SOFTWARE\\OLFPSCDU", "value_name": "gebgrgcs"}, {"hashes": ["06a89d09af32a664b18cf9a3dc223e84a854f7259565c5542278a16cab911021", "3af803177e7d2463ca755b70baf550de4b7b506df719345e942f558af8f27c69"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "upeqcbfi"}, {"hashes": ["00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7"], "key": "<HKCU>\\SOFTWARE\\PNHARWEN", "value_name": "tkpkvuuv"}, {"hashes": ["00342c05f0faeb777c292a4263a60cf34083f0703cd986e4d1afa9db05ed97c7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ipujklsd"}, {"hashes": ["7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70"], "key": "<HKCU>\\SOFTWARE\\AIPUCTSM", "value_name": "uepvvthp"}, {"hashes": ["7af791062913b3faacfd6933d393d062e9c1159fb9fbdb9c9b539acb61f0ad70"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "eohpdgar"}, {"hashes": ["62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876"], "key": "<HKCU>\\SOFTWARE\\SIJOHJOQ", "value_name": "qbolerqh"}, {"hashes": ["62205125608aadcdb458db35d865fede56c98722b717a44a2afe5e5a69831876"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "jhqqjnsh"}, {"hashes": ["33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da"], "key": "<HKCU>\\SOFTWARE\\UORQTLIO", "value_name": "rhwxoftw"}, {"hashes": ["33b50a69c558582c1caf27021b1733d7b92b38988fcc04078758b7c20ea0b1da"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "dgtkjdtr"}, {"hashes": ["46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536"], "key": "<HKCU>\\SOFTWARE\\MUTKAJBX", "value_name": "tdhgnwmq"}, {"hashes": ["5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f"], "key": "<HKCU>\\SOFTWARE\\GCNUFLFR", "value_name": "tfrsnxbc"}, {"hashes": ["46290e2b7639d68a9e911e8e4be461b189bc741c76d5245ea3d26d8beb0a9536"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "kkmcetlr"}, {"hashes": ["5792a7b159c605f75b864d542491be2e6e97aee4c06e3051b0ee3a019b8fc74f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "kmenlemq"}, {"hashes": ["9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "key": "<HKCU>\\SOFTWARE\\BLCQSVUT", "value_name": "kqkqgnfk"}, {"hashes": ["9ff537e889d9b3b8df4cb21c53cbcd412fbe66fcc0bde26e6c8149ff592128c5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mpdsbbhd"}, {"hashes": ["940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f"], "key": "<HKCU>\\SOFTWARE\\ECRARMIC", "value_name": "uqlbdvjl"}, {"hashes": ["940d9e4a972643b5c4bdf794f2e6b88172c8c9e0743929b1affc5929f68db84f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "dpmdtfdd"}, {"hashes": ["74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e"], "key": "<HKCU>\\SOFTWARE\\KPQLPHTV", "value_name": "nqikbbnq"}, {"hashes": ["3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43"], "key": "<HKCU>\\SOFTWARE\\RJPOTMOR", "value_name": "cdjoknmb"}, {"hashes": ["74809fa7c88a7fac2dbf503127a92d52778bdbfe33506be475900c469d2b6d6e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ebgndtjf"}, {"hashes": ["3623e5b40872cd973897a401563c885e57f0cf6c4fa9d15efa2057b0e99c9c43"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "jqhgvjhd"}, {"hashes": ["e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a"], "key": "<HKCU>\\SOFTWARE\\IWIJWRJQ", "value_name": "nfurxpab"}, {"hashes": ["e9fe842add838d9c02d28b9ddc2e50802f1d2f112928e6ed701fa0a35bb9886a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "vcdhnulu"}, {"hashes": ["034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351"], "key": "<HKCU>\\SOFTWARE\\KRBPQUJK", "value_name": "ucslcfsk"}, {"hashes": ["034085f1acc8151203897dfa8e0c20c23cfdc7fb04dff1d8de9276c11a0fa351"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "pedfiasc"}, {"hashes": ["561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092"], "key": "<HKCU>\\SOFTWARE\\OIPKRBMT", "value_name": "akqxnmcb"}, {"hashes": ["561668af320f5a6dd2dfa03ee8eade9441ecd9badd88b1a2d3a6846a36eba092"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "jrmpdpnu"}, {"hashes": ["23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3"], "key": "<HKCU>\\SOFTWARE\\NMLBTFXQ", "value_name": "bnlwkaeg"}, {"hashes": ["23154e22b273d45812a4b0f7088db886fa498a4669ee226aac8af08be3ff49b3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ilcpgagc"}, {"hashes": ["730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d"], "key": "<HKCU>\\SOFTWARE\\GCDLODVI", "value_name": "okiolldg"}, {"hashes": ["730fdae49c50d5339f8c19ab80c1fce2ce0a5d4d3a33e49bced57e50ea20126d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mcxinrkb"}, {"hashes": ["1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032"], "key": "<HKCU>\\SOFTWARE\\CRSPVURI", "value_name": "nbvmcbco"}, {"hashes": ["1a75b0eab3722538649b377d3f4f930d4870deb2ea120ec7ac0fafaba0350032"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "kipcjeqj"}, {"hashes": ["18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe"], "key": "<HKCU>\\SOFTWARE\\INMIAMBJ", "value_name": "cvkdahpw"}, {"hashes": ["18dba1ba835356d4cb36781959de355aec57d7bf50526c275ae75f5294433efe"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "pnebqnsi"}, {"hashes": ["559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e"], "key": "<HKCU>\\SOFTWARE\\OONRFPTE", "value_name": "jbhnuatw"}, {"hashes": ["559cc94f2a183c9db488431fc8d166c0e924907e9fc002968efa77ec9aa7679e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wslvtpof"}, {"hashes": ["568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c"], "key": "<HKCU>\\SOFTWARE\\UHVFRSFK", "value_name": "dgwfbbio"}, {"hashes": ["568fa2a7d64aa79b2d4f4ee58e3b296a17952de78a860f87a9b91f3098e0e08c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "qimhvjma"}, {"hashes": ["0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242"], "key": "<HKCU>\\SOFTWARE\\OICIVBSR", "value_name": "dfsjjcdo"}, {"hashes": ["0d4aff7efefaa88ec14b02ed12ca3deed7e6b273b6fda82d7066ae4cf9c85242"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ebvmbsqq"}, {"hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372"], "key": "<HKCU>\\SOFTWARE\\HFGRTMGM", "value_name": "jrpkmobk"}, {"hashes": ["28fddb43138d7231ad6add2d9d70cb50830577f3fc3d5e0488dfa9a16a50b372"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "eqgmoihk"}]}, "reports_count": 32}, "Win.Dropper.PlasmaRAT-10000760-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "pe-uses-dot-net", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0003"]}, {"bi": "modified-file-in-system-dir", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": []}, {"bi": "registry-hide-files", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "process-hollowing-detected", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-dns-safe-categories", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": []}, {"bi": "registry-systemrestore-disabled", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "malware-plasmarat-mutex", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": []}, {"bi": "malware-plasmarat-file-path", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "malware-plasmarat-registry", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "process-check-zone-identifier", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "modified-file-in-user-dir", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251"], "mitre_attack_tags": ["TA0003"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "PlasmaRAT is a RAT that has many capabilities including mining, denial of service, remote desktop access, and keylogging. PlasmaRAT's sourcecode is freely available online and has been seen used by threat actors such as APT33.", "hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "iocs": {"domain": [{"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "host": "klobert[.]no-ip[.]biz"}], "file": [{"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "path": "%APPDATA%\\msconfig.ini"}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "path": "%SystemRoot%\\SysWOW64\\Windows Server"}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "path": "%SystemRoot%\\SysWOW64\\Windows Server\\wserver.exe"}], "ip": [], "mutex": [{"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "name": "4919245"}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "name": "83729184726481"}], "registry": [{"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\SYSTEMRESTORE", "value_name": "DisableSR"}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS SCRIPT HOST\\SETTINGS", "value_name": "REG_DWORD"}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SCHEDULE", "value_name": "Start"}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS", "value_name": null}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\MICROSOFT", "value_name": null}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\MICROSOFT\\SYSINTERNALS", "value_name": null}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "shell"}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\MICROSOFT\\SYSINTERNALS", "value_name": "9481"}, {"hashes": ["07acf6655f3bd9f7efb8fb9673abf14a91d8e53c9c8b3d1712b730f79301b4dd", "10a24172f7877aa5174373a5a66f03d9e8239212ce0a4069b9f9f7a8fb8d869b", "344232ecff398382a51f3821fe03aed41419ed5d4bd9cdf1e2538c6504971dd5", "45109c4b615ac61874e8559bc29c1e7aa4763963349870e3167a45c1e5e2b8d5", "5901a1c2ee44b552a1de4ace0c80f12fc599b960bef0376b539322dcf3aa3d51", "734d82c665505125a70f3d0fa5efb17a0d83bdbe41e4f65fb086380610267293", "8c6b4b0dee6804fc5099abeb62c65e1ebcb44d44dacaaab862534b4da2628495", "a44d872660a3f839106f90c931aafd42471aded2897f1001fd43bac172829ae3", "a86ff8947d470e364a74a4472ba36d7d012ca8cd160114ec49338dbcfe8b6b5d", "a8fc38426ef5e166448dfa69708bd765e684f2c2458d15630b8be8d2ee87e251", "b011b70a43700abfe0ec72edac2223216485aba02192887b738443abd96a7fc5", "c27c8c22462a0b8de5b80d3ca846ee400ae9f8e55da94b3595892358f88daf66", "c3ef3d5a345574dbab0f1535f4617b96e95a330f647788d3cb56c83302f92be4", "ea7485c628bce7f9b446ea559c3744cc7484aa2675f38298ea06beef15bc679d", "eaf2c2366fbdc1ab0ba09c9358abf3969167e6fe9f9ba360654bdf7af3a26631"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\MICROSOFT\\SYSINTERNALS", "value_name": "PROCID"}]}, "reports_count": 15}, "Win.Packed.Razy-10001440-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["5fbaec0c6a28a21433747c6b4e2d3f8d2b484bf5bc02e664682906c95b528ad7", "47c82197b05cd8e01804bc0c934754923e84de7a9485b53c885f662f2fab67dd", "a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "2d2bc5b6226d288b9abec0cf2443fd239df63c2eb1bebca28ae2e7cbfe03cb48", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "0e05d6bbb0b482806dee87457dbdcbc934cea343999829a3c7827e8e635d3c33", "2317b833127e989c808f8092e7b277734e9ebbccacecae7f185e6c62adeeb4b9", "7ec938b09a5d5c0f6dbc1a0ca75cf669568d5df15118cfea89e9db0cc0eb1826", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "3a9a2051c0e02a724d3c33042fb683a68032ec397a6fcb29f7eef4e50d5178db", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "a57667097aa63516b88121a6e5249f7c953003916ced9341406b916b02e07d92", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357", "9ff847764a3a4a2e4f3fba78b87fc6e8a722c3fee5093e9104292db204853314", "05a1d8381fd31606265a05d9f4c158c69f574e417201969e67663e73f6f35321", "ecb6b3f0bafd77c6f07f5ea0bd864459b5c014ba2dfde0ee7f734f12b5a42bf4", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f", "6947b2474bc0e3305af7c6f64f418d4a8d9395cc25f9843532d939c538093b82", "8c8b3a3e5a85939f3af1359083876303c483ad2a98d287f1c13187b794006bff"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["5fbaec0c6a28a21433747c6b4e2d3f8d2b484bf5bc02e664682906c95b528ad7", "47c82197b05cd8e01804bc0c934754923e84de7a9485b53c885f662f2fab67dd", "a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "2d2bc5b6226d288b9abec0cf2443fd239df63c2eb1bebca28ae2e7cbfe03cb48", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "0e05d6bbb0b482806dee87457dbdcbc934cea343999829a3c7827e8e635d3c33", "2317b833127e989c808f8092e7b277734e9ebbccacecae7f185e6c62adeeb4b9", "7ec938b09a5d5c0f6dbc1a0ca75cf669568d5df15118cfea89e9db0cc0eb1826", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "3a9a2051c0e02a724d3c33042fb683a68032ec397a6fcb29f7eef4e50d5178db", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "a57667097aa63516b88121a6e5249f7c953003916ced9341406b916b02e07d92", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357", "9ff847764a3a4a2e4f3fba78b87fc6e8a722c3fee5093e9104292db204853314", "05a1d8381fd31606265a05d9f4c158c69f574e417201969e67663e73f6f35321", "ecb6b3f0bafd77c6f07f5ea0bd864459b5c014ba2dfde0ee7f734f12b5a42bf4", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f", "6947b2474bc0e3305af7c6f64f418d4a8d9395cc25f9843532d939c538093b82", "8c8b3a3e5a85939f3af1359083876303c483ad2a98d287f1c13187b794006bff"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["5fbaec0c6a28a21433747c6b4e2d3f8d2b484bf5bc02e664682906c95b528ad7", "47c82197b05cd8e01804bc0c934754923e84de7a9485b53c885f662f2fab67dd", "a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "2d2bc5b6226d288b9abec0cf2443fd239df63c2eb1bebca28ae2e7cbfe03cb48", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "0e05d6bbb0b482806dee87457dbdcbc934cea343999829a3c7827e8e635d3c33", "2317b833127e989c808f8092e7b277734e9ebbccacecae7f185e6c62adeeb4b9", "7ec938b09a5d5c0f6dbc1a0ca75cf669568d5df15118cfea89e9db0cc0eb1826", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "3a9a2051c0e02a724d3c33042fb683a68032ec397a6fcb29f7eef4e50d5178db", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "a57667097aa63516b88121a6e5249f7c953003916ced9341406b916b02e07d92", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357", "9ff847764a3a4a2e4f3fba78b87fc6e8a722c3fee5093e9104292db204853314", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f", "6947b2474bc0e3305af7c6f64f418d4a8d9395cc25f9843532d939c538093b82", "8c8b3a3e5a85939f3af1359083876303c483ad2a98d287f1c13187b794006bff"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["5fbaec0c6a28a21433747c6b4e2d3f8d2b484bf5bc02e664682906c95b528ad7", "47c82197b05cd8e01804bc0c934754923e84de7a9485b53c885f662f2fab67dd", "a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "2d2bc5b6226d288b9abec0cf2443fd239df63c2eb1bebca28ae2e7cbfe03cb48", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "0e05d6bbb0b482806dee87457dbdcbc934cea343999829a3c7827e8e635d3c33", "2317b833127e989c808f8092e7b277734e9ebbccacecae7f185e6c62adeeb4b9", "7ec938b09a5d5c0f6dbc1a0ca75cf669568d5df15118cfea89e9db0cc0eb1826", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "a57667097aa63516b88121a6e5249f7c953003916ced9341406b916b02e07d92", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357", "9ff847764a3a4a2e4f3fba78b87fc6e8a722c3fee5093e9104292db204853314", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f", "6947b2474bc0e3305af7c6f64f418d4a8d9395cc25f9843532d939c538093b82", "8c8b3a3e5a85939f3af1359083876303c483ad2a98d287f1c13187b794006bff"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "3a9a2051c0e02a724d3c33042fb683a68032ec397a6fcb29f7eef4e50d5178db", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": []}, {"bi": "created-executable-sample-appdata", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "fault-report-file-created", "hashes": ["5fbaec0c6a28a21433747c6b4e2d3f8d2b484bf5bc02e664682906c95b528ad7", "47c82197b05cd8e01804bc0c934754923e84de7a9485b53c885f662f2fab67dd", "2d2bc5b6226d288b9abec0cf2443fd239df63c2eb1bebca28ae2e7cbfe03cb48", "0e05d6bbb0b482806dee87457dbdcbc934cea343999829a3c7827e8e635d3c33", "2317b833127e989c808f8092e7b277734e9ebbccacecae7f185e6c62adeeb4b9", "7ec938b09a5d5c0f6dbc1a0ca75cf669568d5df15118cfea89e9db0cc0eb1826", "a57667097aa63516b88121a6e5249f7c953003916ced9341406b916b02e07d92", "9ff847764a3a4a2e4f3fba78b87fc6e8a722c3fee5093e9104292db204853314", "6947b2474bc0e3305af7c6f64f418d4a8d9395cc25f9843532d939c538093b82", "8c8b3a3e5a85939f3af1359083876303c483ad2a98d287f1c13187b794006bff"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-modified", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "startup-folder-modification", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "netsh-firewall-generic", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146"], "mitre_attack_tags": ["TA0005", "T1112", "T1562"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": []}, {"bi": "malware-trojan-njrat-registry", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "firewall-exception-user-dir", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-long-cmdline", "hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-trojan-revengerat-mutex-detected", "hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "3a9a2051c0e02a724d3c33042fb683a68032ec397a6fcb29f7eef4e50d5178db", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-trojan-njrat-detected", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "modified-file-on-usb", "hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "compiler-vbc-run", "hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "a57667097aa63516b88121a6e5249f7c953003916ced9341406b916b02e07d92", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": []}, {"bi": "process-requested-file-external-drive", "hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "artifact-multiple-extensions", "hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-toolhelp", "hashes": ["62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-header-timestamp-future", "hashes": ["62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": []}, {"bi": "executable-uses-folder-icon", "hashes": ["62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": ["TA0002", "T1204"]}, {"bi": "network-dns-category-webspam", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "mitre_attack_tags": []}, {"bi": "localhost-ipaddress-detected", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "mitre_attack_tags": []}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "windows-util-schtask", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "excessive-sample-duplication", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "sample-copied-to-usb", "hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-with-multiple-children", "hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-safe-categories", "hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["a57667097aa63516b88121a6e5249f7c953003916ced9341406b916b02e07d92", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "mitre_attack_tags": []}, {"bi": "pe-header-subsystem", "hashes": ["05a1d8381fd31606265a05d9f4c158c69f574e417201969e67663e73f6f35321", "ecb6b3f0bafd77c6f07f5ea0bd864459b5c014ba2dfde0ee7f734f12b5a42bf4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "http-response-redirect", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "deleted-submitted-file", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-windows-task", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "modified-file-in-program-dir", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "windows-util-attrib-hide", "hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "netbios-query", "hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "lnk-no-creation-date", "hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3"], "mitre_attack_tags": ["TA0002", "T1203"]}, {"bi": "artifact-lnk-calls-cmd-exit", "hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "powershell-exec-policy-bypass", "hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202", "T1059"]}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "powershell-used-command-option", "hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "modified-file-in-system-dir", "hashes": ["532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "compound-netsh-firewall-add-windows-directory", "hashes": ["532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146"], "mitre_attack_tags": ["TA0005", "T1036", "T1562"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Razy is oftentimes a generic detection name for a Windows trojan. It collects sensitive information from the infected host and encrypt the data, and send it to a command and control (C2) server. Information collected might include screenshots. The samples modify auto-execute functionality by setting and creating a value in the registry for persistence.", "hashes": ["05a1d8381fd31606265a05d9f4c158c69f574e417201969e67663e73f6f35321", "0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "0e05d6bbb0b482806dee87457dbdcbc934cea343999829a3c7827e8e635d3c33", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "2317b833127e989c808f8092e7b277734e9ebbccacecae7f185e6c62adeeb4b9", "2d2bc5b6226d288b9abec0cf2443fd239df63c2eb1bebca28ae2e7cbfe03cb48", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f", "3a9a2051c0e02a724d3c33042fb683a68032ec397a6fcb29f7eef4e50d5178db", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "47c82197b05cd8e01804bc0c934754923e84de7a9485b53c885f662f2fab67dd", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "5fbaec0c6a28a21433747c6b4e2d3f8d2b484bf5bc02e664682906c95b528ad7", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "6947b2474bc0e3305af7c6f64f418d4a8d9395cc25f9843532d939c538093b82", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "7ec938b09a5d5c0f6dbc1a0ca75cf669568d5df15118cfea89e9db0cc0eb1826", "8c8b3a3e5a85939f3af1359083876303c483ad2a98d287f1c13187b794006bff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "9ff847764a3a4a2e4f3fba78b87fc6e8a722c3fee5093e9104292db204853314", "a57667097aa63516b88121a6e5249f7c953003916ced9341406b916b02e07d92", "a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d", "aa19e44360bd101d1367dca6d410b90005840ef97cc75d0f89f7ff53b8c88651", "ae2639558cf403daf82df0cfad8a2729c1c4157d401cc2270d366900b0d57a1c", "be3f1bf0a70eb16b860fa96303040e25c7f3d23481674a8f2b830ef9065d8ef0", "c7ee16a1559172b08535042aef117ccfa6584f2b984d310fe97407ad58259363", "c9391f369245fc51a47726e3deac83c146e72edaee9768a03347a825ccb281b1", "da63139c7ce3dc00eaf70e07a45e8d6c9f8cd264c67849eaf5a63e97dd6db43e", "e27d0e82f18669a357ce342ff5e764b80056d8c98435a4fc06e35511c4628a1a", "eab3bebf02174bf42eff7e701beb3285c3ac902c1b26633bb86668fb34625ee2", "ecb6b3f0bafd77c6f07f5ea0bd864459b5c014ba2dfde0ee7f734f12b5a42bf4", "f418b53fb5aaff0322005119784ef5e7ac85f280cd2018e68e8ef12e73384146"], "iocs": {"domain": [{"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd"], "host": "expres123123[.]zapto[.]org"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "host": "kitty1983[.]ddns[.]net"}, {"hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "host": "pastebin[.]com"}, {"hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840"], "host": "dz1993[.]ddns[.]net"}, {"hashes": ["532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146"], "host": "davidaf[.]ddns[.]net"}, {"hashes": ["961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114"], "host": "toune16[.]ddns[.]net"}, {"hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "host": "honma123[.]codns[.]com"}, {"hashes": ["35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "host": "jeffly12[.]hopto[.]org"}, {"hashes": ["42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644"], "host": "alwerfalli[.]ddns[.]net"}, {"hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "host": "cyw0923[.]codns[.]com"}, {"hashes": ["3a9a2051c0e02a724d3c33042fb683a68032ec397a6fcb29f7eef4e50d5178db"], "host": "raeed99[.]ddns[.]net"}, {"hashes": ["7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044"], "host": "at-44[.]myq-see[.]com"}, {"hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3"], "host": "rootjuba1[.]ddns[.]net"}], "file": [{"hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114"], "path": "%TEMP%\\<random, matching '[a-z]{4,9}'>.exe"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\$Recycle.Bin.exe"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%ProgramData%\\RevengeRAT"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\RES<random, matching '[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\<random, matching '[a-z0-9]{8}'>.out"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\<random, matching '[a-z0-9]{8}'>.cmdline"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\Documents and Settings.exe"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\MSOCache.exe"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\PerfLogs.exe"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%ProgramFiles%.exe"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\$Recycle.Bin"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%ProgramFiles%"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\Documents and Settings"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\PerfLogs"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\MSOCache"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%APPDATA%\\Client.exe"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "E:\\RevengeRAT"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\RevengeRAT"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\RevengeRAT\\Client.exe"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "\\Recovery.exe"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd"], "path": "\\RevengeRAT\\USBPower.exe"}, {"hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "path": "%TEMP%\\melt.txt"}, {"hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "path": "%APPDATA%\\Microsoft\\svchost.exe"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Client.exe"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee"], "path": "%TEMP%\\0mhjub_d.out"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee"], "path": "%TEMP%\\b_g0v9si.out"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee"], "path": "%TEMP%\\c_1kvswu.out"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee"], "path": "%TEMP%\\jvqnut-r.out"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "path": "%TEMP%\\askwd_ir.out"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee"], "path": "%TEMP%\\uftwsnw_.out"}, {"hashes": ["95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\j_5skxxz.out"}, {"hashes": ["62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd"], "path": "%TEMP%\\q_tucgbx.out"}, {"hashes": ["95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\ng5poxy_.out"}, {"hashes": ["95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\rmstsf-z.out"}, {"hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3"], "path": "\\TEMP\\Root1.exe"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee"], "path": "%TEMP%\\TawrHJfWf.txt"}, {"hashes": ["95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\j_5skxxz.cmdline"}, {"hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Root1.exe.exe"}, {"hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3"], "path": "%HOMEPATH%\\Documents\\Root1.exe.exe"}, {"hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3"], "path": "%HOMEPATH%\\Music\\Root1.exe.exe"}, {"hashes": ["7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3"], "path": "%HOMEPATH%\\Pictures\\Root1.exe.exe"}, {"hashes": ["95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\k6d2fw0a.0.vb"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "path": "%ProgramData%\\RevengeRAT\\zGjjtnx.ico"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "path": "%TEMP%\\ham0ghjr.0.vb"}, {"hashes": ["95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\ng5poxy_.0.vb"}, {"hashes": ["95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "path": "%TEMP%\\ng5poxy_.cmdline"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "path": "%APPDATA%\\Microsoft\\Windows\\Templates\\Client.exe"}, {"hashes": ["62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd"], "path": "%TEMP%\\UawrHJf.txt"}, {"hashes": ["62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd"], "path": "%TEMP%\\rpldb4wj.0.vb"}], "ip": [{"hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "ip": "172[.]67[.]34[.]170"}], "mutex": [{"hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "7260c6c20676bf6d9a15d58987b528ce716dc51180545966f7c586db15022ea3", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114"], "name": "<32 random hex characters>"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff", "3a9a2051c0e02a724d3c33042fb683a68032ec397a6fcb29f7eef4e50d5178db", "62780b161d3ba2c2839caac945bac274f62d8f564a64d620f3cdc8a925e69ddd", "95eef31a2af620c79e74f4b6743eb8176e5e50187ab26cd21e6b24e5a5b63357"], "name": "RV_MUTEX"}, {"hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "name": "{WEQ2-67R1-YUU3-EEQ2-TY74}"}, {"hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "name": "5d5e3c1b562e3a75dc95740a35744ad01234"}], "registry": [{"hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146", "7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840", "35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f", "42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644", "961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114", "a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "key": "<HKU>\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "di"}, {"hashes": ["0603e5cb577f35a2a5f144724434cdc41862673109967eb9927dc010465b92ee", "1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Client"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "FavoritesVersion"}, {"hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5d5e3c1b562e3a75dc95740a35744ad0"}, {"hashes": ["7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "d5a38e9b5f206c41f8851bf04a251d26"}, {"hashes": ["7b930e43c39e416c81ec3acf2f22964e85d51c5c9c9a1ab95e5ee21f12382044"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "d5a38e9b5f206c41f8851bf04a251d26"}, {"hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "FavoritesChanges"}, {"hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "key": "<HKCU>\\SOFTWARE\\{WEQ2-67R1-YUU3-EEQ2-TY74}", "value_name": null}, {"hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "key": "<HKCU>\\SOFTWARE\\{WEQ2-67R1-YUU3-EEQ2-TY74}", "value_name": "US"}, {"hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840"], "key": "<HKCU>\\SOFTWARE\\9B4E76249AEEC926B2BF5D22AB66FD6A", "value_name": null}, {"hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9b4e76249aeec926b2bf5d22ab66fd6a"}, {"hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840"], "key": "<HKCU>\\SOFTWARE\\9B4E76249AEEC926B2BF5D22AB66FD6A", "value_name": "[kl]"}, {"hashes": ["532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "c0fe9f26ddd18885f6e909b228e16080"}, {"hashes": ["532199cfe386343914f1f4be093ae6a5eb0755779c967e797443240891c71146"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "c0fe9f26ddd18885f6e909b228e16080"}, {"hashes": ["961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114"], "key": "<HKCU>\\SOFTWARE\\85586C1696EEF072F608E599824BECB7", "value_name": null}, {"hashes": ["961b88ffa399625ff3cfe6e4161b8dc6b3fd5071ecdaab86889cd42e3ebb6114"], "key": "<HKCU>\\SOFTWARE\\85586C1696EEF072F608E599824BECB7", "value_name": "[kl]"}, {"hashes": ["a6d757c407570fc1b57ab1e18e77c48ae88ebc965a1a75a610b97f9167f81d4d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5d5e3c1b562e3a75dc95740a35744ad0"}, {"hashes": ["35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ff80315b890d700afbcc28650ff0e71b"}, {"hashes": ["35b7995b52e41c6a5eabbc6cb7a5f962586466ca4ceb2372ea608daccaead43f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ff80315b890d700afbcc28650ff0e71b"}, {"hashes": ["42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644"], "key": "<HKCU>\\SOFTWARE\\1FF2F8A6E8685E09EE6FCA84830B84DE", "value_name": null}, {"hashes": ["42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1ff2f8a6e8685e09ee6fca84830b84de"}, {"hashes": ["42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1ff2f8a6e8685e09ee6fca84830b84de"}, {"hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AhnLab Update"}, {"hashes": ["42cb8ee5ee0724540cc2aa48bafa2e205f2449e5101c90f2a07f3d207a115644"], "key": "<HKCU>\\SOFTWARE\\1FF2F8A6E8685E09EE6FCA84830B84DE", "value_name": "[kl]"}, {"hashes": ["09a7facf4e659f04f37d6e00c32e6d670365fb00521c8d35e7ddf4cbca1aae1e"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "AhnLab Update"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "FavoritesResolve"}, {"hashes": ["1fecf366798b47c1b2bf57416201be85561ee853ebd4e604bc9f9abaea36b1ff"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "Favorites"}, {"hashes": ["08a5c4cfb2b4cc1ee2a780c7c1309281709817fec2b6cf42a6392e648c83b840"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9b4e76249aeec926b2bf5d22ab66fd6a"}]}, "reports_count": 26}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-05-12T12:12:35+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Downloader.Upatre-10001445-0", "Win.Dropper.Kuluoz-10001444-0", "Win.Packed.Razy-10001440-0", "Doc.Dropper.Valyria-10001412-0", "Win.Dropper.Glupteba-10001476-0", "Win.Dropper.PlasmaRAT-10000760-0"]}