{"Win.Dropper.Tofsee-10002081-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "dns-query-nxdomain", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "cmd-exe-file-execution", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "sc-service-start", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-generic", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "sc-service-create", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-create-execute", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "network-communications-http-get", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-dns-category-file-storage", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "network-snort-server", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "malware-known-trojan-av", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828"], "mitre_attack_tags": []}, {"bi": "detected-trojan-added-as-service", "hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14", "238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a"], "mitre_attack_tags": []}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-smtp-spambot-v2", "hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a"], "mitre_attack_tags": []}, {"bi": "eml-mismatched-name-from-header", "hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "network-smtp-attachment", "hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-snort-sensitive-data", "hashes": ["a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "eml-link", "hashes": ["a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "network-dns-upload-file", "hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d"], "mitre_attack_tags": []}, {"bi": "double-url-detected", "hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "url-not-found", "hashes": ["a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8"], "mitre_attack_tags": []}, {"bi": "http-response-server-error", "hashes": ["a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-shellcode", "hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8"], "mitre_attack_tags": []}, {"bi": "registry-ie-lock-toolbar", "hashes": ["7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7"], "mitre_attack_tags": ["TA0009"]}, {"bi": "http-response-client-error", "hashes": ["a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6"], "mitre_attack_tags": []}, {"bi": "html-script-prefix-suffix", "hashes": ["a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d"], "mitre_attack_tags": []}, {"bi": "network-snort-app-detect", "hashes": ["f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-http-numeric-ip", "hashes": ["3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-dns-category-parked-domain", "hashes": ["3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a"], "mitre_attack_tags": []}, {"bi": "network-snort-file-generic", "hashes": ["310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": []}, {"bi": "js-contains-massive-strings", "hashes": ["310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and send large volumes of spam messages to infect additional systems and increase the size of the botnet under the operator's control", "hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "iocs": {"domain": [{"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "microsoft[.]com"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "vanaheim[.]cn"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "249[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "249[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "249[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "249[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "249[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "249[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "www[.]google[.]com"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "i[.]instagram[.]com"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "www[.]instagram[.]com"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "api[.]twitter[.]com"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "in-jsproxy[.]globh[.]com"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "host": "mobile[.]twitter[.]com"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "www[.]pornhub[.]com"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "host": "api[.]steampowered[.]com"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "host": "identity[.]bitwarden[.]com"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "t[.]me"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35"], "host": "www[.]evernote[.]com"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4"], "host": "steamcommunity[.]com"}, {"hashes": ["310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35"], "host": "docs[.]google[.]com"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7"], "host": "ev-h[.]phncdn[.]com"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "host": "auth[.]gaijinent[.]com"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "www[.]tiktok[.]com"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8"], "host": "outlook[.]office365[.]com"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7"], "host": "cv-h[.]phncdn[.]com"}, {"hashes": ["3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "host": "www[.]youtube[.]com"}, {"hashes": ["310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d"], "host": "www[.]google[.]co[.]uk"}, {"hashes": ["3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d"], "host": "imap[.]comcast[.]net"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8"], "host": "imap[.]ukr[.]net"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4"], "host": "static[.]cdninstagram[.]com"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2"], "host": "twitter[.]com"}, {"hashes": ["eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "host": "www[.]google[.]fr"}, {"hashes": ["a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "www[.]google[.]nl"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56"], "host": "interception1[.]web[.]de"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56"], "host": "login[.]web[.]de"}, {"hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c"], "host": "b[.]i[.]instagram[.]com"}, {"hashes": ["3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c"], "host": "imap[.]rambler[.]ru"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc"], "host": "imap[.]mail[.]yahoo[.]com"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "host": "imap[.]web[.]de"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d"], "host": "account[.]mail[.]ru"}, {"hashes": ["c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "host": "ebay[.]com"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "host": "power2pharma[.]com"}, {"hashes": ["46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc"], "host": "test[.]org[.]af"}, {"hashes": ["a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8"], "host": "imap[.]nhs[.]net"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971"], "host": "www[.]escursioni-da-marrakech[.]com"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971"], "host": "mail[.]repliktech[.]com"}, {"hashes": ["d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4"], "host": "imap4[.]igiveme[.]ga"}, {"hashes": ["d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4"], "host": "www[.]collegenursinghelp[.]com"}], "file": [{"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "path": "%TEMP%\\<random, matching '[a-z]{8}'>.exe"}, {"hashes": ["7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7"], "path": "%TEMP%\\Administrator.bmp"}, {"hashes": ["310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "path": "%TEMP%\\nwcnlas.exe"}, {"hashes": ["be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab"], "path": "%TEMP%\\udjushz.exe"}, {"hashes": ["7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7"], "path": "%TEMP%\\hqwhfum.exe"}], "ip": [{"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "80[.]66[.]75[.]254"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "176[.]113[.]115[.]136"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "80[.]66[.]75[.]4"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "176[.]113[.]115[.]239"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "176[.]113[.]115[.]135"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "45[.]143[.]201[.]238"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "31[.]13[.]65[.]174"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "31[.]13[.]65[.]52"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "20[.]44[.]209[.]209"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "ip": "185[.]161[.]248[.]127"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "176[.]113[.]115[.]84"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "66[.]254[.]114[.]41"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "142[.]250[.]64[.]68"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "20[.]112[.]52[.]29"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "149[.]154[.]167[.]99"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "ip": "104[.]16[.]119[.]50"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35"], "ip": "104[.]244[.]42[.]66"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "ip": "52[.]101[.]40[.]29"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35"], "ip": "104[.]18[.]13[.]33"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828"], "ip": "104[.]127[.]87[.]210"}, {"hashes": ["3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "142[.]250[.]217[.]196"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828"], "ip": "104[.]244[.]42[.]70"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8"], "ip": "142[.]250[.]65[.]196"}, {"hashes": ["46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35"], "ip": "20[.]103[.]85[.]33"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4"], "ip": "20[.]84[.]181[.]62"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8"], "ip": "176[.]124[.]193[.]126"}, {"hashes": ["46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "185[.]185[.]68[.]231"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35"], "ip": "193[.]106[.]175[.]92"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7"], "ip": "152[.]195[.]33[.]132"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7"], "ip": "64[.]88[.]254[.]180/31"}, {"hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab"], "ip": "40[.]93[.]207[.]7"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "104[.]47[.]53[.]36"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35"], "ip": "104[.]16[.]120[.]50"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8"], "ip": "212[.]42[.]75[.]240"}, {"hashes": ["603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "ip": "104[.]244[.]42[.]194"}, {"hashes": ["a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "104[.]244[.]42[.]130"}, {"hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35"], "ip": "142[.]250[.]80[.]46"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "ip": "142[.]250[.]176[.]196"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4"], "ip": "157[.]240[.]241[.]63"}, {"hashes": ["3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35"], "ip": "40[.]93[.]207[.]5"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56"], "ip": "172[.]217[.]3[.]68"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "ip": "185[.]244[.]180[.]219"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "ip": "104[.]96[.]240[.]83"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080"], "ip": "5[.]189[.]138[.]82"}, {"hashes": ["46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc"], "ip": "209[.]133[.]222[.]226"}, {"hashes": ["275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "ip": "192[.]178[.]50[.]36"}, {"hashes": ["3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828"], "ip": "176[.]124[.]193[.]55"}, {"hashes": ["603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "ip": "52[.]17[.]207[.]0"}, {"hashes": ["a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "ip": "23[.]15[.]9[.]50/31"}], "mutex": [], "registry": [{"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["238ce8c9c1843ed679b1fbb20b895036dcaf7a774ccdd208991e1aa7d2e8b971", "275f63b3fa7aa1136c6d135806cd618f2fe36e184bc3b12925c6e9ae79d468b7", "2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2", "310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a", "3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89", "55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc", "603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "6223c2e338ac109c51eaa357ab1886c8ea9ff3780b2e9ff71b4c7d3865bf3a56", "722e5c91ecf06847724305f285a3f349fce7f2027d4960d101fcc922a35af69c", "a4c66af7621c1c9194da75d307c48045f337f70f3e7955d617fc5966939d51f8", "a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6", "be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab", "c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828", "eb9e999898a7a1b0668a81378f4962434e6373896bfeea0f0274c66f9e3b6b35", "f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["603b5e4db94e0c034ed1d2cee6d1288c3da702d92948ddd546426c524da8ba3d", "7d8d5064d6347eab9b3075de62aecfb724c9de766932da7e0228b70fdf1c63f7"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\isupldcy"}, {"hashes": ["310144f3ba280383cc3a74d91167092c9eb19bb99d7a778d7c18ff6369679080", "fa2c7e4264186b27bc40d6c149dfbe6d551ea39d6ab337a4d295484ac331ac14"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\kuwrnfea"}, {"hashes": ["3ed81f6036ce912ad798d96d56f36e59aa41e95f36cc6e9b2ca18e595a1fa2d8", "d03eb3758c52095597e1bef352c808d743831b838f84e22a215c808110d62fc4"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\zjlgcutp"}, {"hashes": ["a80cfe1db921aada4e1a6b20fb60abe99a3bbc600b102cd54afad440f008a1d6"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\jtvqmedz"}, {"hashes": ["55b5ce7205447783ec1b1894ad61cb73061803559989171a6bd03d64ed4589fc"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\gqsnjbaw"}, {"hashes": ["be1017245c789df35b3d30d38a25b485ff307a07d5bdf71062629fb7eff7f7ab"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\scezvnmi"}, {"hashes": ["c48668266709447939ac10f570b38c8eb474219ec05009fc748b9ec347033828"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\cmojfxws"}, {"hashes": ["3741e95639f74b4f83da4714046c786d2c3dfe2e46f1cd66bf7258e8056e7f4a"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\xhjeasrn"}, {"hashes": ["f929b9f4cf0e41a10d35fcebe508f8ef8a5bc0e52b1ee0b75abc058997117f6f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\dnpkgyxt"}, {"hashes": ["2c141ed24be119c7f61824c2dc962a096d36721844695fca23c5f943d51e41e2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\rbdyumlh"}, {"hashes": ["46f25d898d70e882d1b0cdd1deec43c2a8d444f156eb7b47fa120b15084aee89"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\lvxsogfb"}]}, "reports_count": 20}, "Win.Dropper.Zeus-10002075-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["881d68cc2ac29affc59650aa7ada44c7973fcb014c2f8535b1648a365469e682", "f83727d88efd46ebfdda589e07d3a64239dfa64b8fba4488c968623e22dbbc93", "a85a35b0487200ca1f49801827aabf6e747ea4a2b07dfd5f7310d3b88b5e3db4", "168294fb9090044b7bb6c09db9ad27e2e65cde38a71c3596bc9f2081f0711103", "fab04dbb5edb3231a6bdb2afcb74e40d6dff0d92db235598e12724bd7cc729f6", "28b99d76eee9430304deb161a95e4bb136f20165ea3f217099e5663281e29809", "dda0a277a976ff899966929a65ff73887fb28c847907e80a525250e670608b6d", "854a72dd3fbe2c2a0b18ae0bd660757333e10e893b2487390312886634a093be", "c5c06a23c30a0739d2484d8c9054c7e38b3b4572388fbcd4c5c33971926d8980", "af17b70024313eec53d55c113e7c167ad243fb43eeea842f04070d160e9c3f0f", "a9f73e6255dbaa0f11d9b1d75d70278ff41f8df374dd31869a68a73d1008e041", "ffa6616467fb0784e24a5c91e71026df6472a192e62dcf9d89bb1bc09bbb8951", "199818c986a03706929b3f1645dd372d53640f43ef052746cebe6d260d38917b", "14053671d31720f2f9221951c1505e601fd9167ff801a805aa816b317f5e912c", "869d634387c01e319a72f24bdfb0b4c9a2c808aa88a72f7ad171544b713d596d", "c3b064b3355cd6ab93b68eb0c4651ef6c39601cd5a3419e5cfc50dbf8ef2d581", "02df10e355b422c5bb5e2d597ed5ba186ccd75b1555a02f499ac181b2120ed03", "374bd4c2b34ae49846a760619880fd804faed9566d35d25eeda4189c47f98660", "64034a052248997224a7e1687a7ed958e5f948f921f3fac55ad2edbb12570daf", "34b6c7ed9349de1a287d0d5592b78cce35522702e91b8ab5db3d62eae6b67b5e", "2dfeefc5caf4511a29ae3fe30a9da8ad2c62ad2ae9fd39ebc2db46a463957597", "1c5bbb2c3aeee33f6cf3a96baeb0c5e88ea1f39fc71975bba8ec090bb04b51c4", "c17798890e73cbfdd95ec9cc21d6253e9a1e823362efa300a3b103f754a19a45", "05f6fef63c053c000bbeb362cb05bff689439af1087333a75c69c424581549ba", "16b90f6758b5c39c711ad687a80b7a2ecac0fb7a6d0692d6d16b10f11ae4c1f8", "f9d48df02f03714ba099098abe8785fe5fd809e0e6d5a7afc22c4638ed71a3a3", "da4ef8bfd388f5e6a1ccab5e6bb36385d475d7458d825f90d73fcd4f08d4e37e", "7cc58d096942f3ae0460683bc9f5c35112655be103075ef8f7a58abaf550c979", "d3c60319efeaae8a02811787ffe10121eb29c597d0d3fc14a58f3f2e1a778a7b", "334d15fcafebf426192ef6d1535eeaa4a7de8126b74e58fbacc6ec94e4f3ab5b", "9635dd11d2da647afc6bf13c4ce3c8fabd7dfb128f6cfea32d12f7e06f0b4992", "6553bb3b7256019f2a51d44b06e823ba23b75c675d881387cdc5483008ecb983", "2b32f617e4dbf6056ef402d619be0c310184c8c6b510058aacba678d19dc4aa0", "d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64", "e8583b826a705bbd5468ce39f821213c189e60aa594787980dd65aac4a7d0998"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["881d68cc2ac29affc59650aa7ada44c7973fcb014c2f8535b1648a365469e682", "f83727d88efd46ebfdda589e07d3a64239dfa64b8fba4488c968623e22dbbc93", "a85a35b0487200ca1f49801827aabf6e747ea4a2b07dfd5f7310d3b88b5e3db4", "168294fb9090044b7bb6c09db9ad27e2e65cde38a71c3596bc9f2081f0711103", "fab04dbb5edb3231a6bdb2afcb74e40d6dff0d92db235598e12724bd7cc729f6", "28b99d76eee9430304deb161a95e4bb136f20165ea3f217099e5663281e29809", "dda0a277a976ff899966929a65ff73887fb28c847907e80a525250e670608b6d", "854a72dd3fbe2c2a0b18ae0bd660757333e10e893b2487390312886634a093be", "c5c06a23c30a0739d2484d8c9054c7e38b3b4572388fbcd4c5c33971926d8980", "af17b70024313eec53d55c113e7c167ad243fb43eeea842f04070d160e9c3f0f", "a9f73e6255dbaa0f11d9b1d75d70278ff41f8df374dd31869a68a73d1008e041", "ffa6616467fb0784e24a5c91e71026df6472a192e62dcf9d89bb1bc09bbb8951", "199818c986a03706929b3f1645dd372d53640f43ef052746cebe6d260d38917b", "14053671d31720f2f9221951c1505e601fd9167ff801a805aa816b317f5e912c", "869d634387c01e319a72f24bdfb0b4c9a2c808aa88a72f7ad171544b713d596d", "c3b064b3355cd6ab93b68eb0c4651ef6c39601cd5a3419e5cfc50dbf8ef2d581", "02df10e355b422c5bb5e2d597ed5ba186ccd75b1555a02f499ac181b2120ed03", "374bd4c2b34ae49846a760619880fd804faed9566d35d25eeda4189c47f98660", "64034a052248997224a7e1687a7ed958e5f948f921f3fac55ad2edbb12570daf", "34b6c7ed9349de1a287d0d5592b78cce35522702e91b8ab5db3d62eae6b67b5e", "2dfeefc5caf4511a29ae3fe30a9da8ad2c62ad2ae9fd39ebc2db46a463957597", "1c5bbb2c3aeee33f6cf3a96baeb0c5e88ea1f39fc71975bba8ec090bb04b51c4", "c17798890e73cbfdd95ec9cc21d6253e9a1e823362efa300a3b103f754a19a45", "05f6fef63c053c000bbeb362cb05bff689439af1087333a75c69c424581549ba", "16b90f6758b5c39c711ad687a80b7a2ecac0fb7a6d0692d6d16b10f11ae4c1f8", "f9d48df02f03714ba099098abe8785fe5fd809e0e6d5a7afc22c4638ed71a3a3", "da4ef8bfd388f5e6a1ccab5e6bb36385d475d7458d825f90d73fcd4f08d4e37e", "7cc58d096942f3ae0460683bc9f5c35112655be103075ef8f7a58abaf550c979", "d3c60319efeaae8a02811787ffe10121eb29c597d0d3fc14a58f3f2e1a778a7b", "334d15fcafebf426192ef6d1535eeaa4a7de8126b74e58fbacc6ec94e4f3ab5b", "9635dd11d2da647afc6bf13c4ce3c8fabd7dfb128f6cfea32d12f7e06f0b4992", "6553bb3b7256019f2a51d44b06e823ba23b75c675d881387cdc5483008ecb983", "2b32f617e4dbf6056ef402d619be0c310184c8c6b510058aacba678d19dc4aa0", "d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64", "e8583b826a705bbd5468ce39f821213c189e60aa594787980dd65aac4a7d0998"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-invalid-checksum", "hashes": ["881d68cc2ac29affc59650aa7ada44c7973fcb014c2f8535b1648a365469e682", "f83727d88efd46ebfdda589e07d3a64239dfa64b8fba4488c968623e22dbbc93", "a85a35b0487200ca1f49801827aabf6e747ea4a2b07dfd5f7310d3b88b5e3db4", "168294fb9090044b7bb6c09db9ad27e2e65cde38a71c3596bc9f2081f0711103", "fab04dbb5edb3231a6bdb2afcb74e40d6dff0d92db235598e12724bd7cc729f6", "28b99d76eee9430304deb161a95e4bb136f20165ea3f217099e5663281e29809", "dda0a277a976ff899966929a65ff73887fb28c847907e80a525250e670608b6d", "854a72dd3fbe2c2a0b18ae0bd660757333e10e893b2487390312886634a093be", "c5c06a23c30a0739d2484d8c9054c7e38b3b4572388fbcd4c5c33971926d8980", "af17b70024313eec53d55c113e7c167ad243fb43eeea842f04070d160e9c3f0f", "a9f73e6255dbaa0f11d9b1d75d70278ff41f8df374dd31869a68a73d1008e041", "ffa6616467fb0784e24a5c91e71026df6472a192e62dcf9d89bb1bc09bbb8951", "199818c986a03706929b3f1645dd372d53640f43ef052746cebe6d260d38917b", "14053671d31720f2f9221951c1505e601fd9167ff801a805aa816b317f5e912c", "869d634387c01e319a72f24bdfb0b4c9a2c808aa88a72f7ad171544b713d596d", "c3b064b3355cd6ab93b68eb0c4651ef6c39601cd5a3419e5cfc50dbf8ef2d581", "02df10e355b422c5bb5e2d597ed5ba186ccd75b1555a02f499ac181b2120ed03", "374bd4c2b34ae49846a760619880fd804faed9566d35d25eeda4189c47f98660", "64034a052248997224a7e1687a7ed958e5f948f921f3fac55ad2edbb12570daf", "34b6c7ed9349de1a287d0d5592b78cce35522702e91b8ab5db3d62eae6b67b5e", "2dfeefc5caf4511a29ae3fe30a9da8ad2c62ad2ae9fd39ebc2db46a463957597", "1c5bbb2c3aeee33f6cf3a96baeb0c5e88ea1f39fc71975bba8ec090bb04b51c4", "c17798890e73cbfdd95ec9cc21d6253e9a1e823362efa300a3b103f754a19a45", "05f6fef63c053c000bbeb362cb05bff689439af1087333a75c69c424581549ba", "16b90f6758b5c39c711ad687a80b7a2ecac0fb7a6d0692d6d16b10f11ae4c1f8", "f9d48df02f03714ba099098abe8785fe5fd809e0e6d5a7afc22c4638ed71a3a3", "da4ef8bfd388f5e6a1ccab5e6bb36385d475d7458d825f90d73fcd4f08d4e37e", "7cc58d096942f3ae0460683bc9f5c35112655be103075ef8f7a58abaf550c979", "d3c60319efeaae8a02811787ffe10121eb29c597d0d3fc14a58f3f2e1a778a7b", "334d15fcafebf426192ef6d1535eeaa4a7de8126b74e58fbacc6ec94e4f3ab5b", "9635dd11d2da647afc6bf13c4ce3c8fabd7dfb128f6cfea32d12f7e06f0b4992", "6553bb3b7256019f2a51d44b06e823ba23b75c675d881387cdc5483008ecb983", "2b32f617e4dbf6056ef402d619be0c310184c8c6b510058aacba678d19dc4aa0", "d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64", "e8583b826a705bbd5468ce39f821213c189e60aa594787980dd65aac4a7d0998"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["881d68cc2ac29affc59650aa7ada44c7973fcb014c2f8535b1648a365469e682", "f83727d88efd46ebfdda589e07d3a64239dfa64b8fba4488c968623e22dbbc93", "a85a35b0487200ca1f49801827aabf6e747ea4a2b07dfd5f7310d3b88b5e3db4", "168294fb9090044b7bb6c09db9ad27e2e65cde38a71c3596bc9f2081f0711103", "fab04dbb5edb3231a6bdb2afcb74e40d6dff0d92db235598e12724bd7cc729f6", "28b99d76eee9430304deb161a95e4bb136f20165ea3f217099e5663281e29809", "dda0a277a976ff899966929a65ff73887fb28c847907e80a525250e670608b6d", "854a72dd3fbe2c2a0b18ae0bd660757333e10e893b2487390312886634a093be", "c5c06a23c30a0739d2484d8c9054c7e38b3b4572388fbcd4c5c33971926d8980", "af17b70024313eec53d55c113e7c167ad243fb43eeea842f04070d160e9c3f0f", "a9f73e6255dbaa0f11d9b1d75d70278ff41f8df374dd31869a68a73d1008e041", "ffa6616467fb0784e24a5c91e71026df6472a192e62dcf9d89bb1bc09bbb8951", "199818c986a03706929b3f1645dd372d53640f43ef052746cebe6d260d38917b", "14053671d31720f2f9221951c1505e601fd9167ff801a805aa816b317f5e912c", "869d634387c01e319a72f24bdfb0b4c9a2c808aa88a72f7ad171544b713d596d", "c3b064b3355cd6ab93b68eb0c4651ef6c39601cd5a3419e5cfc50dbf8ef2d581", "02df10e355b422c5bb5e2d597ed5ba186ccd75b1555a02f499ac181b2120ed03", "374bd4c2b34ae49846a760619880fd804faed9566d35d25eeda4189c47f98660", "64034a052248997224a7e1687a7ed958e5f948f921f3fac55ad2edbb12570daf", "34b6c7ed9349de1a287d0d5592b78cce35522702e91b8ab5db3d62eae6b67b5e", "2dfeefc5caf4511a29ae3fe30a9da8ad2c62ad2ae9fd39ebc2db46a463957597", "1c5bbb2c3aeee33f6cf3a96baeb0c5e88ea1f39fc71975bba8ec090bb04b51c4", "c17798890e73cbfdd95ec9cc21d6253e9a1e823362efa300a3b103f754a19a45", "05f6fef63c053c000bbeb362cb05bff689439af1087333a75c69c424581549ba", "16b90f6758b5c39c711ad687a80b7a2ecac0fb7a6d0692d6d16b10f11ae4c1f8", "f9d48df02f03714ba099098abe8785fe5fd809e0e6d5a7afc22c4638ed71a3a3", "da4ef8bfd388f5e6a1ccab5e6bb36385d475d7458d825f90d73fcd4f08d4e37e", "7cc58d096942f3ae0460683bc9f5c35112655be103075ef8f7a58abaf550c979", "d3c60319efeaae8a02811787ffe10121eb29c597d0d3fc14a58f3f2e1a778a7b", "334d15fcafebf426192ef6d1535eeaa4a7de8126b74e58fbacc6ec94e4f3ab5b", "9635dd11d2da647afc6bf13c4ce3c8fabd7dfb128f6cfea32d12f7e06f0b4992", "6553bb3b7256019f2a51d44b06e823ba23b75c675d881387cdc5483008ecb983", "2b32f617e4dbf6056ef402d619be0c310184c8c6b510058aacba678d19dc4aa0", "d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64", "e8583b826a705bbd5468ce39f821213c189e60aa594787980dd65aac4a7d0998"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-linker-minor", "hashes": ["881d68cc2ac29affc59650aa7ada44c7973fcb014c2f8535b1648a365469e682", "f83727d88efd46ebfdda589e07d3a64239dfa64b8fba4488c968623e22dbbc93", "a85a35b0487200ca1f49801827aabf6e747ea4a2b07dfd5f7310d3b88b5e3db4", "168294fb9090044b7bb6c09db9ad27e2e65cde38a71c3596bc9f2081f0711103", "fab04dbb5edb3231a6bdb2afcb74e40d6dff0d92db235598e12724bd7cc729f6", "28b99d76eee9430304deb161a95e4bb136f20165ea3f217099e5663281e29809", "dda0a277a976ff899966929a65ff73887fb28c847907e80a525250e670608b6d", "854a72dd3fbe2c2a0b18ae0bd660757333e10e893b2487390312886634a093be", "c5c06a23c30a0739d2484d8c9054c7e38b3b4572388fbcd4c5c33971926d8980", "af17b70024313eec53d55c113e7c167ad243fb43eeea842f04070d160e9c3f0f", "a9f73e6255dbaa0f11d9b1d75d70278ff41f8df374dd31869a68a73d1008e041", "ffa6616467fb0784e24a5c91e71026df6472a192e62dcf9d89bb1bc09bbb8951", "199818c986a03706929b3f1645dd372d53640f43ef052746cebe6d260d38917b", "14053671d31720f2f9221951c1505e601fd9167ff801a805aa816b317f5e912c", "869d634387c01e319a72f24bdfb0b4c9a2c808aa88a72f7ad171544b713d596d", "c3b064b3355cd6ab93b68eb0c4651ef6c39601cd5a3419e5cfc50dbf8ef2d581", "02df10e355b422c5bb5e2d597ed5ba186ccd75b1555a02f499ac181b2120ed03", "374bd4c2b34ae49846a760619880fd804faed9566d35d25eeda4189c47f98660", "64034a052248997224a7e1687a7ed958e5f948f921f3fac55ad2edbb12570daf", "34b6c7ed9349de1a287d0d5592b78cce35522702e91b8ab5db3d62eae6b67b5e", "2dfeefc5caf4511a29ae3fe30a9da8ad2c62ad2ae9fd39ebc2db46a463957597", "1c5bbb2c3aeee33f6cf3a96baeb0c5e88ea1f39fc71975bba8ec090bb04b51c4", "c17798890e73cbfdd95ec9cc21d6253e9a1e823362efa300a3b103f754a19a45", "05f6fef63c053c000bbeb362cb05bff689439af1087333a75c69c424581549ba", "16b90f6758b5c39c711ad687a80b7a2ecac0fb7a6d0692d6d16b10f11ae4c1f8", "f9d48df02f03714ba099098abe8785fe5fd809e0e6d5a7afc22c4638ed71a3a3", "da4ef8bfd388f5e6a1ccab5e6bb36385d475d7458d825f90d73fcd4f08d4e37e", "7cc58d096942f3ae0460683bc9f5c35112655be103075ef8f7a58abaf550c979", "d3c60319efeaae8a02811787ffe10121eb29c597d0d3fc14a58f3f2e1a778a7b", "334d15fcafebf426192ef6d1535eeaa4a7de8126b74e58fbacc6ec94e4f3ab5b", "9635dd11d2da647afc6bf13c4ce3c8fabd7dfb128f6cfea32d12f7e06f0b4992", "6553bb3b7256019f2a51d44b06e823ba23b75c675d881387cdc5483008ecb983", "2b32f617e4dbf6056ef402d619be0c310184c8c6b510058aacba678d19dc4aa0", "d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64", "e8583b826a705bbd5468ce39f821213c189e60aa594787980dd65aac4a7d0998"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialsp", "hashes": ["881d68cc2ac29affc59650aa7ada44c7973fcb014c2f8535b1648a365469e682", "f83727d88efd46ebfdda589e07d3a64239dfa64b8fba4488c968623e22dbbc93", "a85a35b0487200ca1f49801827aabf6e747ea4a2b07dfd5f7310d3b88b5e3db4", "168294fb9090044b7bb6c09db9ad27e2e65cde38a71c3596bc9f2081f0711103", "fab04dbb5edb3231a6bdb2afcb74e40d6dff0d92db235598e12724bd7cc729f6", "28b99d76eee9430304deb161a95e4bb136f20165ea3f217099e5663281e29809", "dda0a277a976ff899966929a65ff73887fb28c847907e80a525250e670608b6d", "854a72dd3fbe2c2a0b18ae0bd660757333e10e893b2487390312886634a093be", "c5c06a23c30a0739d2484d8c9054c7e38b3b4572388fbcd4c5c33971926d8980", "af17b70024313eec53d55c113e7c167ad243fb43eeea842f04070d160e9c3f0f", "a9f73e6255dbaa0f11d9b1d75d70278ff41f8df374dd31869a68a73d1008e041", "ffa6616467fb0784e24a5c91e71026df6472a192e62dcf9d89bb1bc09bbb8951", "199818c986a03706929b3f1645dd372d53640f43ef052746cebe6d260d38917b", "14053671d31720f2f9221951c1505e601fd9167ff801a805aa816b317f5e912c", "869d634387c01e319a72f24bdfb0b4c9a2c808aa88a72f7ad171544b713d596d", "c3b064b3355cd6ab93b68eb0c4651ef6c39601cd5a3419e5cfc50dbf8ef2d581", "02df10e355b422c5bb5e2d597ed5ba186ccd75b1555a02f499ac181b2120ed03", "374bd4c2b34ae49846a760619880fd804faed9566d35d25eeda4189c47f98660", "64034a052248997224a7e1687a7ed958e5f948f921f3fac55ad2edbb12570daf", "34b6c7ed9349de1a287d0d5592b78cce35522702e91b8ab5db3d62eae6b67b5e", "2dfeefc5caf4511a29ae3fe30a9da8ad2c62ad2ae9fd39ebc2db46a463957597", "1c5bbb2c3aeee33f6cf3a96baeb0c5e88ea1f39fc71975bba8ec090bb04b51c4", "c17798890e73cbfdd95ec9cc21d6253e9a1e823362efa300a3b103f754a19a45", "05f6fef63c053c000bbeb362cb05bff689439af1087333a75c69c424581549ba", "16b90f6758b5c39c711ad687a80b7a2ecac0fb7a6d0692d6d16b10f11ae4c1f8", "f9d48df02f03714ba099098abe8785fe5fd809e0e6d5a7afc22c4638ed71a3a3", "da4ef8bfd388f5e6a1ccab5e6bb36385d475d7458d825f90d73fcd4f08d4e37e", "7cc58d096942f3ae0460683bc9f5c35112655be103075ef8f7a58abaf550c979", "d3c60319efeaae8a02811787ffe10121eb29c597d0d3fc14a58f3f2e1a778a7b", "334d15fcafebf426192ef6d1535eeaa4a7de8126b74e58fbacc6ec94e4f3ab5b", "9635dd11d2da647afc6bf13c4ce3c8fabd7dfb128f6cfea32d12f7e06f0b4992", "6553bb3b7256019f2a51d44b06e823ba23b75c675d881387cdc5483008ecb983", "2b32f617e4dbf6056ef402d619be0c310184c8c6b510058aacba678d19dc4aa0", "d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64", "e8583b826a705bbd5468ce39f821213c189e60aa594787980dd65aac4a7d0998"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["881d68cc2ac29affc59650aa7ada44c7973fcb014c2f8535b1648a365469e682", "f83727d88efd46ebfdda589e07d3a64239dfa64b8fba4488c968623e22dbbc93", "a85a35b0487200ca1f49801827aabf6e747ea4a2b07dfd5f7310d3b88b5e3db4", "168294fb9090044b7bb6c09db9ad27e2e65cde38a71c3596bc9f2081f0711103", "fab04dbb5edb3231a6bdb2afcb74e40d6dff0d92db235598e12724bd7cc729f6", "28b99d76eee9430304deb161a95e4bb136f20165ea3f217099e5663281e29809", "dda0a277a976ff899966929a65ff73887fb28c847907e80a525250e670608b6d", "854a72dd3fbe2c2a0b18ae0bd660757333e10e893b2487390312886634a093be", "c5c06a23c30a0739d2484d8c9054c7e38b3b4572388fbcd4c5c33971926d8980", "af17b70024313eec53d55c113e7c167ad243fb43eeea842f04070d160e9c3f0f", "a9f73e6255dbaa0f11d9b1d75d70278ff41f8df374dd31869a68a73d1008e041", "ffa6616467fb0784e24a5c91e71026df6472a192e62dcf9d89bb1bc09bbb8951", "199818c986a03706929b3f1645dd372d53640f43ef052746cebe6d260d38917b", "14053671d31720f2f9221951c1505e601fd9167ff801a805aa816b317f5e912c", "869d634387c01e319a72f24bdfb0b4c9a2c808aa88a72f7ad171544b713d596d", "c3b064b3355cd6ab93b68eb0c4651ef6c39601cd5a3419e5cfc50dbf8ef2d581", "02df10e355b422c5bb5e2d597ed5ba186ccd75b1555a02f499ac181b2120ed03", "374bd4c2b34ae49846a760619880fd804faed9566d35d25eeda4189c47f98660", "64034a052248997224a7e1687a7ed958e5f948f921f3fac55ad2edbb12570daf", "34b6c7ed9349de1a287d0d5592b78cce35522702e91b8ab5db3d62eae6b67b5e", "2dfeefc5caf4511a29ae3fe30a9da8ad2c62ad2ae9fd39ebc2db46a463957597", "1c5bbb2c3aeee33f6cf3a96baeb0c5e88ea1f39fc71975bba8ec090bb04b51c4", "05f6fef63c053c000bbeb362cb05bff689439af1087333a75c69c424581549ba", "16b90f6758b5c39c711ad687a80b7a2ecac0fb7a6d0692d6d16b10f11ae4c1f8", "f9d48df02f03714ba099098abe8785fe5fd809e0e6d5a7afc22c4638ed71a3a3", "da4ef8bfd388f5e6a1ccab5e6bb36385d475d7458d825f90d73fcd4f08d4e37e", "7cc58d096942f3ae0460683bc9f5c35112655be103075ef8f7a58abaf550c979", "d3c60319efeaae8a02811787ffe10121eb29c597d0d3fc14a58f3f2e1a778a7b", "334d15fcafebf426192ef6d1535eeaa4a7de8126b74e58fbacc6ec94e4f3ab5b", "9635dd11d2da647afc6bf13c4ce3c8fabd7dfb128f6cfea32d12f7e06f0b4992", "6553bb3b7256019f2a51d44b06e823ba23b75c675d881387cdc5483008ecb983", "2b32f617e4dbf6056ef402d619be0c310184c8c6b510058aacba678d19dc4aa0", "d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64", "e8583b826a705bbd5468ce39f821213c189e60aa594787980dd65aac4a7d0998"], "mitre_attack_tags": []}, {"bi": "high-heuristic-score", "hashes": ["c17798890e73cbfdd95ec9cc21d6253e9a1e823362efa300a3b103f754a19a45"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "feed-domain-banking", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0005"]}, {"bi": "listening-port-opened", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "files-deleted-used-batch", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-execution", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "http-response-redirect", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-category-cnc", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0011"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "excessive-udp-connections", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "possible-dga-communication", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0005"]}, {"bi": "html-small-file-redirect", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": []}, {"bi": "html-unicode-obfuscation", "hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "mitre_attack_tags": ["TA0001", "T1189"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zeus is a trojan that steals information such as banking credentials using methods such as key-logging and form-grabbing.", "hashes": ["02df10e355b422c5bb5e2d597ed5ba186ccd75b1555a02f499ac181b2120ed03", "05f6fef63c053c000bbeb362cb05bff689439af1087333a75c69c424581549ba", "14053671d31720f2f9221951c1505e601fd9167ff801a805aa816b317f5e912c", "168294fb9090044b7bb6c09db9ad27e2e65cde38a71c3596bc9f2081f0711103", "16b90f6758b5c39c711ad687a80b7a2ecac0fb7a6d0692d6d16b10f11ae4c1f8", "199818c986a03706929b3f1645dd372d53640f43ef052746cebe6d260d38917b", "1c5bbb2c3aeee33f6cf3a96baeb0c5e88ea1f39fc71975bba8ec090bb04b51c4", "28b99d76eee9430304deb161a95e4bb136f20165ea3f217099e5663281e29809", "2b32f617e4dbf6056ef402d619be0c310184c8c6b510058aacba678d19dc4aa0", "2dfeefc5caf4511a29ae3fe30a9da8ad2c62ad2ae9fd39ebc2db46a463957597", "334d15fcafebf426192ef6d1535eeaa4a7de8126b74e58fbacc6ec94e4f3ab5b", "34b6c7ed9349de1a287d0d5592b78cce35522702e91b8ab5db3d62eae6b67b5e", "374bd4c2b34ae49846a760619880fd804faed9566d35d25eeda4189c47f98660", "64034a052248997224a7e1687a7ed958e5f948f921f3fac55ad2edbb12570daf", "6553bb3b7256019f2a51d44b06e823ba23b75c675d881387cdc5483008ecb983", "7cc58d096942f3ae0460683bc9f5c35112655be103075ef8f7a58abaf550c979", "854a72dd3fbe2c2a0b18ae0bd660757333e10e893b2487390312886634a093be", "869d634387c01e319a72f24bdfb0b4c9a2c808aa88a72f7ad171544b713d596d", "881d68cc2ac29affc59650aa7ada44c7973fcb014c2f8535b1648a365469e682", "9635dd11d2da647afc6bf13c4ce3c8fabd7dfb128f6cfea32d12f7e06f0b4992", "a85a35b0487200ca1f49801827aabf6e747ea4a2b07dfd5f7310d3b88b5e3db4", "a9f73e6255dbaa0f11d9b1d75d70278ff41f8df374dd31869a68a73d1008e041", "af17b70024313eec53d55c113e7c167ad243fb43eeea842f04070d160e9c3f0f", "c17798890e73cbfdd95ec9cc21d6253e9a1e823362efa300a3b103f754a19a45", "c3b064b3355cd6ab93b68eb0c4651ef6c39601cd5a3419e5cfc50dbf8ef2d581", "c5c06a23c30a0739d2484d8c9054c7e38b3b4572388fbcd4c5c33971926d8980", "d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64", "d3c60319efeaae8a02811787ffe10121eb29c597d0d3fc14a58f3f2e1a778a7b", "d6cd8d5693c685e07fc164f5c09b3e316cb46a3f4a4579330636ef820b79b027", "da4ef8bfd388f5e6a1ccab5e6bb36385d475d7458d825f90d73fcd4f08d4e37e", "dda0a277a976ff899966929a65ff73887fb28c847907e80a525250e670608b6d", "e8583b826a705bbd5468ce39f821213c189e60aa594787980dd65aac4a7d0998", "f83727d88efd46ebfdda589e07d3a64239dfa64b8fba4488c968623e22dbbc93", "f9d48df02f03714ba099098abe8785fe5fd809e0e6d5a7afc22c4638ed71a3a3", "fab04dbb5edb3231a6bdb2afcb74e40d6dff0d92db235598e12724bd7cc729f6", "ffa6616467fb0784e24a5c91e71026df6472a192e62dcf9d89bb1bc09bbb8951"], "iocs": {"domain": [{"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "www[.]bing[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "www[.]google[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "eqbaguldaxkwhelpbukqxgeuauci[.]net"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "wgmvttwcmhhheeasgvofuqoiwo[.]org"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "plrhyhjvjffywctkbahgiivxcpr[.]info"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "hinbnfxgpqskneahavuoxvtyd[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "qgkzlqraigymbmobukpjtmdib[.]ru"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "sxbambmzfifirlnjxsbenrbtpz[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "caozbupzdetgvwinbojtgxxwcqs[.]info"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "xrkyxprttpemeqfamztgfykjdet[.]org"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "zdphmsfahetgarpjdbmkvxcscnf[.]net"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "pztknpblhkrhimnlbrcvspdinb[.]biz"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "hpfmztgmrgqhiusfmvlbdtwdiam[.]ru"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "pvdigajzpwkkfizfmmjmrpkjfeto[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "cyscqgqsscutljrwqwnbcufexkr[.]net"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "nfkbojqskjulbydktduoskztpf[.]org"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "pvtgqceifucelgmhekrgmfe[.]biz"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "gaaqciscmfiqwthiztlpzscjnyteq[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "vcfqgmhdyxkirrghiblndeixojz[.]ru"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "fqtfyjvdqbbqoztirtwvwdkrqk[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "ivpzeiwkwkbxnvcwgqcljnifiz[.]info"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "qkpibzvwrwirqcyhhudykgimz[.]biz"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "xkvcuqyrstcgyvkpnijdixgbeei[.]net"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "mblwytskjplvduxceypeqylce[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "raihobdypsocykrtlcisgnzzl[.]ru"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "aekraqkrlnqskndxfuqcheozro[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "bjvfywovvdykbcedxbeeunjbqy[.]biz"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "huvsukljhymivugnzmzqcrqobeytbi[.]org"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "tsaidijrinuwpfxgimsdhylj[.]info"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "pofxsyprbmfqvornvscydwgg[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "kbqytsdxklvzlozlvqolzozdgmpn[.]ru"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "uohqvglfxpbpfydjrknucduo[.]biz"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "tdpmnyllbztdkbhxibdp[.]info"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "mjrkleyxoampfogqdtxkcaxcx[.]org"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "xwytirztpvekncucqiiveqtaqzd[.]net"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "mvbuampftoztfqhyxcqaqxojkfq[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "hpbqineaxmnuofyhlgizh[.]ru"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "jypjvpeqqcpfabutupjjvpjfu[.]com"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "bubyveywoofbiuwpnpxclpvujv[.]net"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "vucrkhkjlxcjzjzfuorxjrprk[.]org"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "uceykfhezhuopdqkbyuoxczl[.]info"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "txwyddihlvztjnsukutscyguf[.]biz"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "fexjfrgjvfqqglrljhbaypxs[.]ru"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "host": "swalxcbyugbmhivsvwukeipqghzh[.]com"}], "file": [{"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "path": "%TEMP%\\LZP4377.bat"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "path": "%HOMEPATH%\\AppData\\LocalLow\\odaj.koc"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "path": "%APPDATA%\\Uwname"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "path": "%APPDATA%\\Uwname\\mezas.exe"}], "ip": [{"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "172[.]245[.]217[.]122"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "86[.]133[.]91[.]153"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "84[.]59[.]129[.]23"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "27[.]54[.]110[.]77"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "184[.]56[.]203[.]9"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "174[.]103[.]25[.]199"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "107[.]221[.]229[.]216"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "172[.]5[.]238[.]222"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "107[.]196[.]239[.]26"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "206[.]205[.]226[.]130"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "142[.]251[.]40[.]164"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "122[.]30[.]92[.]10"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "201[.]22[.]95[.]10"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "68[.]84[.]52[.]227"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "24[.]31[.]240[.]254"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "76[.]218[.]94[.]54"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "71[.]3[.]137[.]208"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "98[.]95[.]188[.]144"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "107[.]217[.]225[.]158"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "180[.]35[.]68[.]186"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "ip": "31[.]168[.]72[.]155"}], "mutex": [{"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "name": "Local\\{<random GUID>}"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "name": "GLOBAL\\{<random GUID>}"}], "registry": [{"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GUZUESLO", "value_name": "hbch1bi"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Mezas"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GUZUESLO", "value_name": "3055dc04"}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GUZUESLO", "value_name": null}, {"hashes": ["d1c6294ed90d6c7ed1e7d846d56b01e445323305b812d2044f5602e5973bee64"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GUZUESLO", "value_name": "11822b80"}]}, "reports_count": 35}, "Win.Packed.njRAT-10002074-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-dot-net", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "startup-folder-modification", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "startup-folder-lnk-file", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-fast-flux-domain", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "created-executable-in-user-dir", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed"], "mitre_attack_tags": []}, {"bi": "powershell-exec-policy-bypass", "hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0005", "TA0002", "T1202", "T1059"]}, {"bi": "sc-service-stop-windefend", "hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "created-executable-sample-appdata", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2"], "mitre_attack_tags": []}, {"bi": "malware-trojan-njrat-registry", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "unsigned-roaming-execution", "hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "mitre_attack_tags": ["TA0005"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-asyncrat-registry-detected", "hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-opendns-malicious", "hashes": ["f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "url-pastebin-service", "hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21"], "mitre_attack_tags": ["TA0011", "T1102"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. The Sparclyheason group originally developed njrAT. Some of the largest attacks using this malware date back to 2014.", "hashes": ["0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21", "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb", "305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef"], "iocs": {"domain": [{"hashes": ["305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "host": "metal-msn[.]at[.]ply[.]gg"}, {"hashes": ["80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce"], "host": "ayman03-31268[.]portmap[.]io"}, {"hashes": ["12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef"], "host": "0[.]tcp[.]sa[.]ngrok[.]io"}, {"hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21"], "host": "pastebin[.]com"}, {"hashes": ["1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb"], "host": "5[.]tcp[.]eu[.]ngrok[.]io"}, {"hashes": ["353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba"], "host": "engine-perception[.]at[.]ply[.]gg"}, {"hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd"], "host": "battery-columbus[.]at[.]ply[.]gg"}, {"hashes": ["eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8"], "host": "members-path[.]at[.]ply[.]gg"}, {"hashes": ["b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "host": "asked-dress[.]at[.]ply[.]gg"}, {"hashes": ["e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb"], "host": "insurance-chocolate[.]at[.]ply[.]gg"}, {"hashes": ["db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f"], "host": "works-threaded[.]at[.]ply[.]gg"}, {"hashes": ["b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd"], "host": "visit-tamil[.]at[.]ply[.]gg"}], "file": [{"hashes": ["1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\3845e39e1f3dcec4ff7961b0a2f0ba67.lnk"}, {"hashes": ["ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\bbeb2271f980d0c2e59e411521a4e871.lnk"}, {"hashes": ["73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2"], "path": "%System32%\\Tasks\\c2527172636652462d2476d220259bd2"}, {"hashes": ["ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce"], "path": "%APPDATA%\\bbeb2271f980d0c2e59e411521a4e871.exe"}, {"hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21"], "path": "%APPDATA%\\9520744a7360c89a58faf9868697bdea.exe"}, {"hashes": ["eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8"], "path": "%APPDATA%\\890bacd47c7d51fd7312becbd950c7bf.exe"}, {"hashes": ["c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712"], "path": "%ProgramData%\\708d8fc0a77c9a0879ac7cb1189ea39a.exe"}, {"hashes": ["80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\d5d3c1f0e4d5aef3a94d97f2fb26b8d6.lnk"}, {"hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\9520744a7360c89a58faf9868697bdea.lnk"}, {"hashes": ["eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\890bacd47c7d51fd7312becbd950c7bf.lnk"}, {"hashes": ["c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\708d8fc0a77c9a0879ac7cb1189ea39a.lnk"}, {"hashes": ["1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb"], "path": "%System32%\\Tasks\\3845e39e1f3dcec4ff7961b0a2f0ba67"}, {"hashes": ["80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85"], "path": "%APPDATA%\\d5d3c1f0e4d5aef3a94d97f2fb26b8d6.exe"}, {"hashes": ["ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce"], "path": "%System32%\\Tasks\\bbeb2271f980d0c2e59e411521a4e871"}, {"hashes": ["eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8"], "path": "%System32%\\Tasks\\890bacd47c7d51fd7312becbd950c7bf"}, {"hashes": ["b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "path": "%APPDATA%\\2cae9becdde38041e4e330e3f52f0a60.exe"}, {"hashes": ["80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85"], "path": "%System32%\\Tasks\\d5d3c1f0e4d5aef3a94d97f2fb26b8d6"}, {"hashes": ["b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\2cae9becdde38041e4e330e3f52f0a60.lnk"}, {"hashes": ["c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712"], "path": "%System32%\\Tasks\\708d8fc0a77c9a0879ac7cb1189ea39a"}, {"hashes": ["305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc"], "path": "%ProgramData%\\e58abc3caa74411ce434a3aa461ead84.exe"}, {"hashes": ["305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\e58abc3caa74411ce434a3aa461ead84.lnk"}, {"hashes": ["b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "path": "%System32%\\Tasks\\2cae9becdde38041e4e330e3f52f0a60"}, {"hashes": ["305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc"], "path": "%System32%\\Tasks\\e58abc3caa74411ce434a3aa461ead84"}, {"hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21"], "path": "%System32%\\Tasks\\9520744a7360c89a58faf9868697bdea"}, {"hashes": ["d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "path": "%ProgramData%\\6598d612c9ecbbb158c36266743d42c8.exe"}, {"hashes": ["d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\6598d612c9ecbbb158c36266743d42c8.lnk"}, {"hashes": ["d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "path": "%System32%\\Tasks\\6598d612c9ecbbb158c36266743d42c8"}, {"hashes": ["8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\b8b4e1b25a2b6f817649b78b5b5a5d29.lnk"}, {"hashes": ["8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473"], "path": "%APPDATA%\\b8b4e1b25a2b6f817649b78b5b5a5d29.exe"}, {"hashes": ["8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473"], "path": "%System32%\\Tasks\\b8b4e1b25a2b6f817649b78b5b5a5d29"}, {"hashes": ["95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\b152c91bc1c4e0824480fad7befedebf.lnk"}, {"hashes": ["95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3"], "path": "%APPDATA%\\b152c91bc1c4e0824480fad7befedebf.exe"}, {"hashes": ["95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3"], "path": "%System32%\\Tasks\\b152c91bc1c4e0824480fad7befedebf"}, {"hashes": ["e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\cc4f48707ebaf216d4fef0b4c0c61272.lnk"}, {"hashes": ["e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb"], "path": "%APPDATA%\\cc4f48707ebaf216d4fef0b4c0c61272.exe"}, {"hashes": ["e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb"], "path": "%System32%\\Tasks\\cc4f48707ebaf216d4fef0b4c0c61272"}, {"hashes": ["5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677"], "path": "%ProgramData%\\5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677.exe"}, {"hashes": ["5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677.lnk"}, {"hashes": ["12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6"], "path": "%APPDATA%\\12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6.exe"}, {"hashes": ["12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6.lnk"}, {"hashes": ["5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677"], "path": "%System32%\\Tasks\\5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677"}, {"hashes": ["db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f.lnk"}, {"hashes": ["db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f"], "path": "%APPDATA%\\db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f.exe"}, {"hashes": ["5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d"], "path": "%ProgramData%\\5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d.exe"}, {"hashes": ["5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d.lnk"}, {"hashes": ["db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f"], "path": "%System32%\\Tasks\\db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f"}, {"hashes": ["5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d"], "path": "%System32%\\Tasks\\5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d"}, {"hashes": ["b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd.lnk"}, {"hashes": ["b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd"], "path": "%APPDATA%\\b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd.exe"}, {"hashes": ["b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd"], "path": "%System32%\\Tasks\\b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd"}], "ip": [{"hashes": ["305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677", "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712", "d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08", "eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8"], "ip": "209[.]25[.]140[.]180"}, {"hashes": ["80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85", "8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473", "95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3", "ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce"], "ip": "193[.]161[.]193[.]99"}, {"hashes": ["353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba", "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd", "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f", "e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb"], "ip": "209[.]25[.]140[.]223"}, {"hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "ip": "209[.]25[.]140[.]211"}, {"hashes": ["12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef"], "ip": "18[.]231[.]93[.]153"}, {"hashes": ["12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef"], "ip": "54[.]94[.]248[.]37"}, {"hashes": ["12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6", "f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef"], "ip": "18[.]229[.]146[.]63"}, {"hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21"], "ip": "172[.]67[.]34[.]170"}, {"hashes": ["1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb"], "ip": "3[.]67[.]112[.]102"}, {"hashes": ["f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef"], "ip": "18[.]228[.]115[.]60"}, {"hashes": ["1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb"], "ip": "18[.]158[.]58[.]205"}], "mutex": [{"hashes": ["0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed", "c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6"], "name": "ogqaAwjfB2yh3bfL"}, {"hashes": ["f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef"], "name": "SCv88LFTFFI8dR9w"}, {"hashes": ["353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba"], "name": "1QnSO4JAiZV6WpHF"}, {"hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd"], "name": "N4axFUgaXdIayzbn"}, {"hashes": ["73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2"], "name": "22gJEda1Zfw2vwfK"}, {"hashes": ["1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb"], "name": "hQjSOlWGIZB5DO8N"}, {"hashes": ["ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce"], "name": "nsly6rwu2jgM0E2F"}, {"hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21"], "name": "MuT3h4qwhzPDqNiv"}, {"hashes": ["eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8"], "name": "i92Ri83XAhIENZeN"}, {"hashes": ["80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85"], "name": "CpM0BozFwJiJLCI4"}, {"hashes": ["c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712"], "name": "HYYqdMBVvkvW9qet"}, {"hashes": ["b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "name": "iGfoxbmflgpokAoH"}, {"hashes": ["305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc"], "name": "b6yNsMdOe03HL9LG"}, {"hashes": ["d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "name": "leyfUfKDaom1wjaJ"}, {"hashes": ["8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473"], "name": "cCWueNtsBI6pgZxq"}, {"hashes": ["95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3"], "name": "MfH1eroMODfvADCS"}, {"hashes": ["e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb"], "name": "QGrfowgnGcHxTGed"}, {"hashes": ["12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6"], "name": "S7lyHQsJzumSHESB"}, {"hashes": ["5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677"], "name": "3tZldvx3UxeahMbo"}, {"hashes": ["db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f"], "name": "catUiEXpaeVC068N"}, {"hashes": ["5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d"], "name": "axlm4DdNg7oDuPl8"}, {"hashes": ["b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd"], "name": "mIZVGJlfF3sM9H74"}], "registry": [{"hashes": ["305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712"], "key": "<HKCU>\\SOFTWARE\\7E3975E4EF230D7D9195", "value_name": null}, {"hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd", "73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2"], "key": "<HKCU>\\SOFTWARE\\7E3975E4EF230D7D9195", "value_name": "8BE2FB14B479CCDD9BC15BEAF091A52DF492882CB14B74F194A69E01EEF8E94C"}, {"hashes": ["305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc", "c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712"], "key": "<HKCU>\\SOFTWARE\\7E3975E4EF230D7D9195", "value_name": "6E2CF9A6CE187C062019E955FF60F4FC3EF815C130C306272E592ACCF4FC927A"}, {"hashes": ["f6e407e5b8ce98202da3776a3936e61a07e3acd5538eace8d232d763b0b707ef"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "737bd67e46d5cadac827d831840e1c9e"}, {"hashes": ["353d5db9b2e6175843d74a62770d7fd2a82b43d06154b7cef6137e49a23c74ba"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "74863e1e5b984f4d9f6114e67967ba5a"}, {"hashes": ["c6042c265751e439c5a96222b5821e2c526614b3189d614ddc1e89f8e41433d6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "d9dbb7f30ccf6b9605ba0f91e4001e71"}, {"hashes": ["0370568ad761d369d0fe91aa0bf745ed954676aea7674e3238bf5f133cff49ed"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "dc9f4568244aa164419d8d55d41d338c"}, {"hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e4f591a3b114bf24d3f9b3a6ef913cb4"}, {"hashes": ["720fb13f797dbba6a0ec19877c644abb0dde8bf6906b2ea4559a2a7cafe6b5cd"], "key": "<HKCU>\\SOFTWARE\\7E3975E4EF230D7D9195", "value_name": "0452D60D658A43929BF2D5BC049E2C57C2D61F58B6444BAB88834C870305DFDF"}, {"hashes": ["73619700a7d06a97037c3dc393146d58f7624356f766f9bb19fe9d33308522f2"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "c2527172636652462d2476d220259bd2"}, {"hashes": ["1a4101c995b330093388628b206da88250bcceebc0c3ef6b25334db5babfe5fb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "3845e39e1f3dcec4ff7961b0a2f0ba67"}, {"hashes": ["ed74db49ccee7eb4b157dfaa6ddc6faf068f267eb9ff50000225879bfdb4b8ce"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "bbeb2271f980d0c2e59e411521a4e871"}, {"hashes": ["eb13e60e5169d58acf9264f620d7474c697b48fde63db5c9af551d5431c9aaf8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "890bacd47c7d51fd7312becbd950c7bf"}, {"hashes": ["c043c8d127281746c9c81a202bfb9f9a2ff3150775b50285d78e78c069d04712"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "708d8fc0a77c9a0879ac7cb1189ea39a"}, {"hashes": ["80b8a0a5cca9ed908dec4f2441a9515efa3bde5a0b67a689316816c4ad6eae85"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "d5d3c1f0e4d5aef3a94d97f2fb26b8d6"}, {"hashes": ["10f1764ba7cb74110a0a9db2920c7d3007bbd3e13df111a2b697f3c244ad3a21"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "9520744a7360c89a58faf9868697bdea"}, {"hashes": ["b8338d589b1622dffb54ce8f512b8b70df7315ee75b28f47000e39cd5b9a40c4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2cae9becdde38041e4e330e3f52f0a60"}, {"hashes": ["305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "e58abc3caa74411ce434a3aa461ead84"}, {"hashes": ["305d0c9e1e847a7306285575091f523f521dea096cfc8db5a7b32e465ac180bc"], "key": "<HKCU>\\SOFTWARE\\7E3975E4EF230D7D9195", "value_name": "91E582DD0FE0224A74B326FAA35161958AAE425DF4B6151646B9C330E7BD5487"}, {"hashes": ["d4268de943471bbfb03cd03056504d6e0ff7c81ad6b684d6af6d28d89f5d4c08"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "6598d612c9ecbbb158c36266743d42c8"}, {"hashes": ["8c66b9dec0e884de4cc10f46b73f666ebe0ed0c5709a80fc7bedf0f4eddea473"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b8b4e1b25a2b6f817649b78b5b5a5d29"}, {"hashes": ["95f8c56216adfc5127dfe195128001298dd815b85b2335f8da2def24b5364ee3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b152c91bc1c4e0824480fad7befedebf"}, {"hashes": ["e75fd2007d1c704022a95ba8a0726c737a980eedb99bef704c83da5742c154bb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "cc4f48707ebaf216d4fef0b4c0c61272"}, {"hashes": ["5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5be60fdc5ddb62f32a7de89740b3cd166e812a191d5b4813db31d0a45ab00677"}, {"hashes": ["12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "12d415023bdd583b20d45b79802e10e84dd45196c3d1caafc488024d3be9eca6"}, {"hashes": ["db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "db67fb81e08ae38d7241c2247b0429e261481c3e069f7be47bb5a71dd0ed8e9f"}, {"hashes": ["5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5f2bd99627a93373f1a3ca2728063698863b10b0479faf782fab447a1e061e2d"}, {"hashes": ["b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "b26c13faf1b58138c2e4bb181ecf5cd561bef6fa0e9dfc343248453d34be55bd"}]}, "reports_count": 23}, "Win.Ransomware.Djvu-10002408-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-downloaded-executable", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-file-exe", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "network-dns-download-executable", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-snort-malware", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "process-hollowing-detected", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-imports-toolhelp", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "feed-domain-ransomware", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-djvu-file-path", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "created-executable-sample-appdata", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-http-non-standard-port", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0011", "T1571"]}, {"bi": "nginx-webserver-detected", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "enumeration-browser-information", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "cmd-exe-file-execution", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "firefox-cookie-read", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "pe-certificate", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialsp", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-self-exiting", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-created-sqlite-wal-log-files", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0009", "T1005"]}, {"bi": "network-snort-file-generic", "hashes": ["8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": []}, {"bi": "network-downloaded-executed-from", "hashes": ["cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "windows-util-schtask", "hashes": ["cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "unsigned-roaming-execution", "hashes": ["cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-invalid-checksum", "hashes": ["54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2"], "mitre_attack_tags": []}, {"bi": "pe-imports-empty", "hashes": ["54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2"], "mitre_attack_tags": []}, {"bi": "network-downloaded-antivirus-flagged", "hashes": ["7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43"], "mitre_attack_tags": []}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "The Djvu ransomware encrypts victim's files with Salsa20 and is known for changing its payloads, ransom notes and the file extensions appended to encrypted files. It spreads via cracked or faked applications or updates, keygens or activators. The main payload uses a wide variety of anti-debugging and anti-emulation techniques, which includes checking the location of the system via the keyboard layout or websites.", "hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "iocs": {"domain": [{"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "host": "api[.]2ip[.]ua"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "host": "zexeq[.]com"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "host": "colisumy[.]com"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "host": "t[.]me"}], "file": [{"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "I:\\5d2860c89d774.jpg"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "\\SystemID"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "\\SystemID\\PersonalID.txt"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%LOCALAPPDATA%\\bowsakkdestx.txt"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%System32%\\Tasks\\Time Trigger Task"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%ProgramData%\\freebl3.dll"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%ProgramData%\\mozglue.dll"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%ProgramData%\\msvcp140.dll"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%ProgramData%\\nss3.dll"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%ProgramData%\\softokn3.dll"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%ProgramData%\\vcruntime140.dll"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%LOCALAPPDATA%\\7c34bb01-5d78-49c4-8bbb-73fdc7aa1262"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%APPDATA%\\Microsoft\\Network"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%System32%\\Tasks\\Azure-Update-Task"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%APPDATA%\\Microsoft\\Network\\mstsca.exe"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%LOCALAPPDATA%\\7c34bb01-5d78-49c4-8bbb-73fdc7aa1262\\build2.exe"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "path": "%LOCALAPPDATA%\\7c34bb01-5d78-49c4-8bbb-73fdc7aa1262\\build3.exe"}, {"hashes": ["566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61"], "path": "%ProgramData%\\29186105001818256710234306"}, {"hashes": ["566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61"], "path": "%ProgramData%\\98434069941774401301779229"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82"], "path": "%ProgramData%\\06958703710025248238302966"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82"], "path": "%ProgramData%\\51085262941586590775670285"}, {"hashes": ["64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61.exe"}, {"hashes": ["75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8.exe"}, {"hashes": ["1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97.exe"}, {"hashes": ["54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2.exe"}, {"hashes": ["64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61"], "path": "%ProgramData%\\05355851495797713112145631"}, {"hashes": ["75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "path": "%ProgramData%\\20483779578459940867249110"}, {"hashes": ["75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "path": "%ProgramData%\\61185918397926785953357683"}, {"hashes": ["64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61"], "path": "%ProgramData%\\77755249852908908887524860"}, {"hashes": ["54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2"], "path": "%ProgramData%\\25011674255934354659295769"}, {"hashes": ["1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97"], "path": "%ProgramData%\\38574593118933299245993272"}, {"hashes": ["c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85.exe"}, {"hashes": ["54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2"], "path": "%ProgramData%\\58763811335058230087750855"}, {"hashes": ["8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6.exe"}, {"hashes": ["1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97"], "path": "%ProgramData%\\85421862329526640881262298"}, {"hashes": ["2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793.exe"}, {"hashes": ["c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85"], "path": "%ProgramData%\\50717282016401072521218743"}, {"hashes": ["8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6"], "path": "%ProgramData%\\72782639804946054675476313"}, {"hashes": ["c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85"], "path": "%ProgramData%\\92200315610351602416662042"}, {"hashes": ["8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6"], "path": "%ProgramData%\\85828919186499295763223963"}, {"hashes": ["ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7.exe"}, {"hashes": ["2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793"], "path": "%ProgramData%\\06443641594239475484542602"}, {"hashes": ["2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793"], "path": "%ProgramData%\\51528382360656045848173485"}, {"hashes": ["ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7"], "path": "%ProgramData%\\10224935403017208183291710"}, {"hashes": ["c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3.exe"}, {"hashes": ["ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7"], "path": "%ProgramData%\\71331695885540384027363245"}, {"hashes": ["0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8"], "path": "%LOCALAPPDATA%\\3856b5d6-9eb0-496c-b0d1-db92b0f6ed65\\0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8.exe"}, {"hashes": ["0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8"], "path": "%ProgramData%\\81607676197474567200592156"}, {"hashes": ["0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8"], "path": "%ProgramData%\\85299479281877444939028281"}], "ip": [{"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "ip": "162[.]0[.]217[.]254"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "ip": "149[.]154[.]167[.]99"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "ip": "116[.]202[.]7[.]239"}, {"hashes": ["2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7"], "ip": "211[.]40[.]39[.]251"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e"], "ip": "210[.]182[.]29[.]70"}, {"hashes": ["0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6"], "ip": "201[.]124[.]33[.]177"}, {"hashes": ["75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3"], "ip": "175[.]126[.]109[.]15"}, {"hashes": ["0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61"], "ip": "211[.]171[.]233[.]129"}, {"hashes": ["ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "ip": "211[.]59[.]14[.]90"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e"], "ip": "175[.]119[.]10[.]231"}, {"hashes": ["1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61"], "ip": "175[.]120[.]254[.]9"}, {"hashes": ["54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61"], "ip": "123[.]140[.]161[.]243"}, {"hashes": ["633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "ip": "190[.]141[.]35[.]3"}, {"hashes": ["6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d"], "ip": "2[.]180[.]10[.]7"}, {"hashes": ["54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3"], "ip": "95[.]158[.]162[.]200"}, {"hashes": ["232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d"], "ip": "190[.]219[.]153[.]101"}, {"hashes": ["232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c"], "ip": "211[.]119[.]84[.]112"}, {"hashes": ["633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9"], "ip": "186[.]182[.]55[.]44"}, {"hashes": ["75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8"], "ip": "58[.]235[.]189[.]192"}, {"hashes": ["6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d"], "ip": "190[.]229[.]19[.]7"}, {"hashes": ["7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43"], "ip": "49[.]12[.]115[.]154"}, {"hashes": ["633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9"], "ip": "187[.]156[.]85[.]108"}], "mutex": [{"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "name": "{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "name": "M5/610HP/STAGE2"}], "registry": [{"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION", "value_name": "SysHelper"}, {"hashes": ["05adccd18a70fd6acb444cb84a27cc488ac86eb449f1a6aea0c8b186cdb39d82", "0c43f3559ee70d362f7cefaf9544dd8c85af4fdbbea04377e223fb7aa5d2a7f8", "1ed3247b3c2cf5da57d068a93257520d2303b7254fec98110d67194503472a97", "232a8cdd9f6d456804c395d931f9cadb0cf453fb1a191346a8c666e34690cb6c", "2531aaaf65fa1782e75d54dca67853cb8c1d73e33f2544ec42ba332a87c09793", "54d5ea5f0619772766771810cc0f3bf03efd5a354cf60ffa3122a9d346fabfd2", "566cb2138f15aad520cd94cf58dc608a897e804798e0a9139e3b3b1637196f61", "633e55e6345323a0417415fdb9cf9ac4f4fc2ef7d90a297756e4427cfada76e9", "64d18a6e518bf68b453134e9fe01968e924fc67e3b6b5274668e606d62842b61", "6661877adf148008ca24225159bfba44e0d4e48b2c45602912fe7393f7c3bc3d", "75022ede411ab60fd9e55d3fa517edfe8488101c916d0b0d91161c8c98da9be8", "7a9688b68fad5a342d6466a61f10df068126418107182f30860d913516e3aa43", "8a0b4cb2e8b68882e37d49cc0dc6d2cd32bea57930015a2ca926475fc5c6f01d", "8f1d63d1d9b0dbb9886f4fb29074ee97d365c321bc8200525e2711b76dd186f6", "c5483715a06cb05516e089d79c7e6d54eae258e603c037694479fe701635a2a3", "c5ded0916b0a6f7c1b259db833a62ac4b0d80c4889aaf8fe1b05867758285e85", "cc86e630d4c4236ce2f4778b4f14c6984370c5b921d7ca0526bf2a5aac47247e", "ef2614ae93a4b8bf90788e7083129a7ce24ac2452120649251c14700404358b7", "f343f2cd877c79dcbd80c57427455a1c7c2ea4ad348173753ea849eb4c64c483"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "SysHelper"}]}, "reports_count": 19}, "Win.Ransomware.TeslaCrypt-10002553-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0005"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-modified", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "artifact-multiple-extensions", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "pe-invalid-checksum", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-communications-http-get", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "netbios-query", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-dns-category-proxy", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "modified-file-in-program-dir", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "network-dns-upload-file", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "modified-file-in-system-dir", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "cta-match", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "startup-folder-modification", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "excessive-file-modifications", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "process-check-browser-mail-client-files", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-deletion", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0005"]}, {"bi": "wmic-shadowcopy-delete", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0002", "TA0040", "T1047", "T1490"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-generic-ransomware-notes", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "firefox-prefs-modified", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0009"]}, {"bi": "recycler-file-creation", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-generic-ransomware", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "possible-privilege-escalation-detected", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0004", "T1068"]}, {"bi": "process-read-ie-cookies", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "process-deletes-many-files", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-teslacrypt-31", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0040", "T1486"]}, {"bi": "html-small-file-redirect", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "process-check-zone-identifier", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "artifact-rss-feeds", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "html-page-not-found", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "html-malicious-page-not-found", "hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "mitre_attack_tags": []}, {"bi": "modified-file-on-usb", "hashes": ["e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "process-requested-named-pipe", "hashes": ["e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "created-executable-in-user-dir", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask-generic", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "excessive-sample-duplication", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "network-dns-category-cnc", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "process-hollowing-detected", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-benign-process", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-certificate", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": []}, {"bi": "created-executable-on-usb", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "possible-dga-communication", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-requested-file-external-drive", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "lnk-no-creation-date", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0002", "T1203"]}, {"bi": "malware-ruskill-mutex-detected", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": []}, {"bi": "artifact-lnk-calls-cmd-exit", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "created-executable-sample-appdata", "hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "mitre_attack_tags": ["TA0005", "T1564"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "TeslaCrypt is a well-known ransomware family that encrypts a user's files and demands Bitcoin in exchange for a decryptor service. A flaw in the encryption algorithm was discovered that allowed files to be decrypted without paying the ransomware, and eventually, the malware developers released the master key allowing all encrypted files to be recovered easily.", "hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "iocs": {"domain": [{"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "host": "biocarbon[.]com[.]ec"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "host": "imagescroll[.]com"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "host": "music[.]mbsaeger[.]com"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "host": "stacon[.]eu"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "host": "surrogacyandadoption[.]com"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "host": "worldisonefamily[.]info"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "host": "apps[.]identrust[.]com"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "host": "api[.]wipmania[.]com"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "host": "n[.]ezjhyxxbf[.]ru"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "host": "n[.]hmiblgoja[.]ru"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "host": "n[.]jntbxduhz[.]ru"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "host": "n[.]lotys[.]ru"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "host": "n[.]oceardpku[.]ru"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "host": "n[.]vbemnggcj[.]ru"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "host": "n[.]yqqufklho[.]ru"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "host": "n[.]yxntnyrap[.]ru"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "host": "n[.]zhgcuntif[.]ru"}], "file": [{"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ka.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\kaa.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\kab.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\kk.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ko.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ku-ckb.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ku.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ky.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\lij.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\lt.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\lv.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\mk.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\mn.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\mng.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\mng2.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\mr.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ms.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\nb.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ne.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\nl.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\nn.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\pa-in.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\pl.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ps.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\pt-br.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\pt.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ro.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ru.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sa.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\si.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sk.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sl.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sq.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sr-spc.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sr-spl.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\sv.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ta.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\th.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\tr.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\tt.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\ug.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\uk.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\uz.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\va.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\vi.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\yo.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\zh-cn.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\Lang\\zh-tw.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\License.txt"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "path": "%ProgramFiles%\\7-Zip\\readme.txt"}], "ip": [{"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "ip": "85[.]128[.]188[.]138"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "ip": "162[.]241[.]224[.]203"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "ip": "34[.]98[.]99[.]30"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "ip": "35[.]205[.]61[.]67"}, {"hashes": ["3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "ip": "23[.]221[.]227[.]186"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655"], "ip": "23[.]221[.]227[.]174"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "ip": "194[.]58[.]112[.]165"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "ip": "204[.]95[.]99[.]243"}], "mutex": [{"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "name": "ityeofm9234-23423"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "name": "c731200"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "name": "-9caf4c3fMutex"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "name": "FvLQ49I\u007f\u203a\u00ac{Ljj6m"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "name": "SSLOADasdasc000900"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "name": "SVCHOST_MUTEX_OBJECT_RELEASED_c0009X00GOAL"}], "registry": [{"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLinkedConnections"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "key": "<HKCU>\\SOFTWARE\\XXXSYS", "value_name": null}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "key": "<HKCU>\\SOFTWARE\\XXXSYS", "value_name": "ID"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "key": "<HKCU>\\Software\\<random, matching '[A-Z0-9]{14,16}'>", "value_name": null}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb", "0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179", "3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75", "858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a", "a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7", "a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12", "a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab", "a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc", "cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4", "d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e", "d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c", "d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c", "e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655", "eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186", "f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "key": "<HKCU>\\Software\\<random, matching '[A-Z0-9]{14,16}'>", "value_name": "data"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Eoawaa"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Update Installer"}, {"hashes": ["487a322749e90bdf30fac46a5288fabf7bcdebe59af9919982ef8c262f80d97b"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "BCSSync"}, {"hashes": ["f8bc090131eb16ee8007f62dabbe472eed7c7354436f8aec9372a81e2e686164"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "pjluoctfesrw"}, {"hashes": ["d3e8d5372326ecdc926ec6fc0ea043f11561161a9faae8232276a2513cf2149c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "pooqkvflocpc"}, {"hashes": ["e6b62755739953f09eca8a85937fcbe0f184533c50c67715804946f4c2c4f655"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "fwxkhpyjafio"}, {"hashes": ["0ba923eb73b1cb82d42ff8645951a98c45316a731fb2a0c0f395778e2a2a5179"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "eacropxvpihj"}, {"hashes": ["a082b3171dfb990cdd22cfa3c0a084fd0b0226d207e35392a9575b5b3de0fde7"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "vnqeujgcjhuk"}, {"hashes": ["a68adce292f5e29c375c48cc0a948919bd7e8220cd77ceff3a4dd5db253d24ab"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "exetrpjyrtxg"}, {"hashes": ["a3a7a5c48776290b7ea21051c68ea52e03db8a48557ee427db38fcb39fe3bd12"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "njlwvbxfxmkw"}, {"hashes": ["cf5b6f7838462079df7cd50bcc5a88a5fd1898858b7705a535614816c70910e4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "efwffgphvtdj"}, {"hashes": ["08ebc4366098a724b58093793a462378a5470db3eadfca7c18b8f7126aad2ecb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "unwhvdemefqp"}, {"hashes": ["858834e73fe318b38ee3892cd7176018ee7f0d92d77ac51720a2adf2e7f5968a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tfeckcphtbxc"}, {"hashes": ["3337931b618168c2c64296cc81b799a18f8782a26238f9dd2611d100c2238d75"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "gqvoaslhlyoj"}, {"hashes": ["d007157de960ff25746397334372a2651d6360826585eeefdc4157cf991cd58e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ypojwqitnhyi"}, {"hashes": ["d2388700bb70974763294d5d5ca53c1e71010f6515547ddf9a6911af3630778c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tguywpqhaosq"}, {"hashes": ["eb8db1b9fc2448610fd85c267b461e2faf987f982577381450563ee0d24ae186"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "jhrayyslywvo"}, {"hashes": ["a92906b93160cc0bd8839140fda9176bb4fd2ea43b02048abe9530adb02812cc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "rcjftpogpimu"}]}, "reports_count": 16}, "Win.Trojan.Qakbot-10002083-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-resource-lang-russian", "hashes": ["938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9"], "mitre_attack_tags": []}, {"bi": "pe-subtype-com", "hashes": ["938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9"], "mitre_attack_tags": []}, {"bi": "malware-qakbot-mutex-detected", "hashes": ["938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9"], "mitre_attack_tags": []}, {"bi": "service-dll-registration", "hashes": ["938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "pe-header-timestamp-null", "hashes": ["938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9"], "mitre_attack_tags": []}, {"bi": "windows-util-dll-injection-tool", "hashes": ["938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-modification-reg", "hashes": ["40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Qakbot, aka Qbot, has been around since at least 2008. Qbot primarily targets sensitive information like banking credentials but can also steal FTP credentials and spread across a network using SMB.", "hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277", "a0c7a93e7915893a53f7f5df8cb8e8d60a802ccaa19627967d8fba9ab11fa793", "a153e51cca234ccdd4794366351b71c1aef8e157fba41bf9783c5a6e07da9dc7", "a49990c371b0639f15525ca304968804adcc91878a01018578c1fa41a0c5bc91", "a7c6c4cb4e03dcbb988e60f8c6160e83e2f514cd90d175cf6235fc560b300702", "aa1b63e51faa00f9509ba2e1af8b473f8c30a1b05a6f912259a675316285a81d", "b98e5a382f6d34eed1dcf0cd2fba864d95bceb8a98e5657b361c4ca5598bc531", "bbc5f44dd4267e55f7c164334bbfe47939f2c24eb2f7b79a8e08a929077c49b5", "bd66c4bda4b8314636c017ea7743a3c731723f4128d0679e438ab6883f143a27", "c148d075bb238f82a05eda1c817f00f88c28a8ed64e0f45bacb8774a645e3993", "c42f7ca2ab7f36fc4502c633d02df3e4e0d6bc82dc15e4633a72f71f57c82b05", "d103dd82b62940e028bb159002112b1bd5aaa3623e75f2335df3b6058677328d", "d90af9b817efd0385d5dc2ff9aea1269e9da8286618b04832c14cc09525ced6b", "db7189140c20081f87c60c7193ba073edad201efa9d5447be3284f6d98416868", "de39a0517470d1958cb53fa62bf239be2d9125f35282ad625d3a6865ba13d831", "e0509c5e4b83eded57f1be0b8de9d7fb179457e673be77a273a539760dda393c", "e80ba9554ae2a78ace94dba5b908d53d8ea03c8bb4551d70c24c54e64913e284", "ecc24e02f570ac9824783115ac5823082abf0217d94dacd3c9b5561027e5d2c2", "ed6267939a685ab9a4bfe4dab9b77d7e90f590da84ace0947ba5997506503639", "ef713bf53131e16f35b94accbe2544e5b5969a417a6d2a37d880913635ded18d", "efaa7d35b27604c2bdc3a3dc1c3e97e39b8f898fb02c3afc958ffd19bb6f5d49", "f4d81f2f53d35c10ec80bb8ba04d7b8f65d15a4652bd8590ddd4bf6577068564", "f5acf5cb3848eefc978732a5c3b9a5cd968b78b18da355d211dc30fcc045785e", "f7704e3f8f0823a2a06a8aa85f1a5b3f4cf3a315ebab9a0989c4b01d4151acf5", "fb065200080dea6e80028de0dd4a9f42c8f7a3f6b300b7ff173daf7a48864688", "fcc1043b1900af5e4dd8edebe05a301bb824db60de2fbfe002d988bcf5bd9e24"], "iocs": {"domain": [], "file": [{"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "path": "%APPDATA%\\Microsoft\\Xtuou"}], "ip": [], "mutex": [{"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "name": "Global\\{06253ADC-953E-436E-8695-87FADA31FDFB}"}, {"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "name": "{06253ADC-953E-436E-8695-87FADA31FDFB}"}, {"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "name": "{357206BB-1CE6-4313-A3FA-D21258CBCDE6}"}], "registry": [{"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": null}, {"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "bd63ad6b"}, {"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "bf228d17"}, {"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "79eea72"}, {"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "7a96a5f8"}, {"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "f7b512d3"}, {"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "88fc7d25"}, {"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "c22ac29d"}, {"hashes": ["003803cfea14ea1ab8c50539f44899c47c3962b255e4fa860f8bf513f9fcd14f", "01462998ce5cb3fc03173775cba990c84af3191917232a907a081a002ff14161", "095c224641480b341cd291e9ab1835ff1c322a60aa2f3f01cc0cc63e057a965d", "1589c63722c29e201f1af10147c65f50b32b51b65af22162943e80513ae24018", "2342220f71c1da2099259d088baeb86e26629021cc7181a62ef1a115e62f4ae9", "2555c939e0c07be5e4d628a3ed27405b859b60255a0d58894ef74bcb6e1fc4ef", "2d1f3f248e4d7eaad2aa9bde02c671ce353f265a43467c17a6529c827c15ff23", "2e1ab538cf381702daac8f75ac7e50ea80fbd0384d543c1672c5b98d1c283713", "37256e6f2f172b77e661508b309bd16afff42f6f33ee2905f85bfd3d4e53aad3", "3c70a36f03f83982f59c9556f8a56e8db86eae11e9636efceb36eeed643fefdd", "3e0454880bbdaf74bac5b7b650faedeb88d480f56f1d5a50865c0ed2c046f7a3", "40333e980e0b55a72c7e0a8e62c20d1b3a10bb2ea02da374e0096f2658164fdb", "40c795e60417e3b40aaab07762816b8fee0f137a9100fe49a1f05ade040560c8", "46f660dee641dee51b74d0b3d5d6afe7368595ce5bbc6f1b83fad3cdf0c5d0eb", "48031b637cf6693f3bbaa0201fa061901af40019322a845ce0962d8bc32dd5dd", "6c5c213e33895e5165434df3c88a95fc00cfbd5486cb5d2a79c0a1b377331f7c", "70f15f684cead742cdb5dd0ec113a12840e9e875ab9a447345cd0bda1320214b", "7bea8cbef55a24b5c109b720ec4efdd02df4aaa56b3083ee0d0d9f43505c9d40", "8c3319e8e85a9352d0d5c33d0e04c982751d61245b93739547e18ef0fc15a993", "900ea93d982f08a4ca8cda388a66d1f166d750a1f9044fbbd8a0c37f4135cc2b", "903183498401aef0e57881291dfc86f4cb764329b4c854b868c9b6ac753da5ab", "9120b6001e32807a18409932a72476cdb931773d3836b771718378b4ef74c39e", "938e715d3a5b8f9331dd1e6537b97c0d5c6f22270ac4c000475e997fded94a8c", "9610015dcc3cc02e0759e8baeec6731b0b859c10e98af16164bee87a46c0e170", "9a379d1b51277a1ab1f17f91d25693ff1cb80a255dc45c9e86fd8df3aca36277"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DFWOFIK", "value_name": "5dfca0e"}]}, "reports_count": 25}, "Win.Virus.Ramnit-10002385-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "dns-query-nxdomain", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "registry-disablesuac", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1548", "T1562"]}, {"bi": "pe-resource-lang-russian", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0011"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "startup-folder-modification", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-dns-safe-categories", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "sinkholed-domain-detected", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "registry-firewall-exceptions-enabled", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-disable-windefender", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-ramnit-mutex", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "disables-windows-firewall", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "disables-security-center-notifications", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "registry-firewall-notifications-disabled", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-ramnit-snort", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": []}, {"bi": "process-override-security-center-monitoring", "hashes": ["1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "hook-installed", "hashes": ["8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Ramnit is a banking trojan that monitors web browser activity on an infected machine and collects login information from financial websites. It also steals browser cookies and attempts to hide from popular anti-virus software.", "hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3", "b749f2f6053e2d229dfa2a9cdf96fdbac8c735de8c18ddf83148af7e49771841", "b8f55c548451f530330b793c1890f219cb1dcc2fa1f9f457fb7f8bf36e35d978", "be33752cce7240481701edb5c2264f607bddcdb15191d64a5c8c72dd2c0f92e3", "cee66db162910ba1089e6870fbbf23d7836a03accc70ee7263678353dcea475e", "d768e7821198339225a5aeb8f0efab0ab4ad24ea0117c4fa739a46771c61d6ca", "e28fafb803f5789184d9466dc6ec75dcec457505706f7ab7966c27d76afee4f4", "fb1de6bfc7a83527ab70c5c98dcc622cc658a032d3919ac3fc3d26c3309d47f1", "fede956fc53f80893525b67bb32cc03b04f41b638a1bdb7f285b69c31958fe47"], "iocs": {"domain": [{"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "google[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "ygqqaluei[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "atw82ye63ymdp[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "mdofetubarhorbvauf[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "warylmiwgo[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "caosusubld[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "bekvfkxfh[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "xomeommdilsq[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "wwyreaohjbdyrajxif[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "grbjgfprk[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "xxsmtenwak[.]com"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "host": "ydchosmhwljjrq[.]com"}], "file": [{"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "path": "%LOCALAPPDATA%\\bolpidti"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "path": "%LOCALAPPDATA%\\bolpidti\\judcsgdy.exe"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\judcsgdy.exe"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "path": "\\TEMP\\K9eEf4fVf"}], "ip": [{"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "ip": "193[.]166[.]255[.]171"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "ip": "195[.]201[.]179[.]207"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "ip": "35[.]205[.]61[.]67"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "ip": "63[.]251[.]106[.]25"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "ip": "63[.]251[.]235[.]76"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "ip": "142[.]251[.]35[.]174"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "ip": "162[.]249[.]65[.]221"}], "mutex": [{"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "name": "{7930D12C-1D38-EB63-89CF-4C8161B79ED4}"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "name": "{79345B6A-421F-2958-EA08-07396ADB9E27}"}], "registry": [{"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusOverride"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusDisableNotify"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallDisableNotify"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallOverride"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesDisableNotify"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UacDisableNotify"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DoNotAllowExceptions"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DisableNotifications"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION", "value_name": "jfghdug_ooetvtgk"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "JudCsgdy"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}, {"hashes": ["069becc422d6f6f1a739f36c19977e86f973de8ac71d43707f821509eeb7e3ab", "0737a484e81ccea1561a2d09482722f4b1b78020b471cc9285762f297a19a9e9", "08f041ec2fafe6d1b6d4a4df0fd492a490a815bef4c45407c28f01a53eb2f7e9", "112d9844d869a67cc760eb9619a8f96648abe63dd788841b2189708a4ab33e79", "19888aed71f14a4b18a67e9b8520a79ce32f9a830a887bea6a8e065c90e483d8", "1e08f5c1a773ee61cf068aa8b5b1962f60c974797f2bbbf0af783834278a5760", "1e43f958047862b254dd56ef12ad553dd1b1b479c66725ff682d173339180272", "24975482f70ca48e97a8ae892db449c45d959580cf1799cce910eb62e1d5dc48", "2f2e8b9e8e1257ab1d1f6242b2ee21088c03d9b9160d9b6a3c7e6ed045e78710", "3120f89d41fba5cfbe8b5e1e9afb4022cfec268620cc3f5bae0f47bcb368d92e", "3424188e777af669655e6710ba4954fb973110bca6d0c69aa40ed97e1f64f5d3", "3441e7896f39a452d1391c2391e71aecf9bb5b135871887f35c8566f96c571d6", "3688dd56fd61ff5ecf322ada31deec7c26d22ea4e3a634d4a06845e65962182f", "4023b5e53d127c9a9d1b268e62a988c64010ac96b0ca509c345fa379e082ac38", "5370afb0a0c823ade197b86217534fda5969ef7dd45aa9f48128a31e401cc356", "556ee8a712446234cf175b2b96280ab6fd4f3b3f8dc76930c3b3d9ec31b68ca3", "73045fc3593bb96604879c80f5b3222f5723815b52240fdd6a7e6c1c58ec1596", "797514dff7a8b29b0bea85875a39715ee091fbeaa31fdad4428a4f6863a9b8c4", "8257c33afc6f826716bbe89628006659a25006f4276a80c2284965a70abad3b4", "83eb00995d90f5e09ee93c2dbaa365f9a3cd5ea02ab32c35e26e5c8bc5af7f68", "86cc81d40db039da90b44b476b79e2da8ea0d87580130fe52f93f12c100090af", "8ece6f1fd15062ed6f52d02be64f58979065c28e8b135244b7cba144e37f4246", "9d4dfffc0a7b70f370f7d1a5802415df422813f7ecbaba01e9f0c96270b08a57", "9e1559f93288f34005b9eff555fa227d4c0188a0bd378cbba392fae9ab0b0f1b", "9fc031cd7bcccfb61552939bc5a445acc5b23d3b3aa3932ac10b249c479a9ea3"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}]}, "reports_count": 25}, "Xls.Malware.Valyria-10002078-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c", "09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c", "09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c", "09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6"], "mitre_attack_tags": []}, {"bi": "document-contains-vba-macro", "hashes": ["0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c", "09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6"], "mitre_attack_tags": ["TA0002", "TA0001", "T1559", "T1566"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c", "09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-windows-script-launched", "hashes": ["0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c", "09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "document-launch-vbs", "hashes": ["0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c", "09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "document-launch-javascript", "hashes": ["0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c", "09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6"], "mitre_attack_tags": ["TA0005", "T1202"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Valyria is a malicious Microsoft Word document family that is used to distribute other malware, such as Emotet.", "hashes": ["09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c", "b080a03ca09863d3199367a10ab88085527427e5eeea2d0809a2660820bcdd28", "b0c0e7bd1a787b90e234827e6d682eecd83e8ee5b4a5b4be2e8f883ed6d5028f", "b4d2ae0e6d4ef56993f3003febba860036e56da0801226e53a178ba7d006879c", "b67ce0cbeb822f9468e6e46e2c01d388240cf62f5792fd6983e5b9d3e434df44", "bf6d1c02cd65808c7bafbfba1089e106eae0defa0416a7a28d93f3ffb4d39ae1", "c7c2251c63963d7dab2268d2e1838687ba3adf72b05a60703d88677f683729f6", "cce3f7f339fa53f5e228cb9ffe6487389d88a4e2ae631efe9d496a30c2ac1e89", "d2e74e7965e2835d21450b600f05aa5b3fe7e54737f490274956272771ebc263", "d3114c36226490b33a3f4310d7401703c7a9e30f056738d2116a68e85bfdd069", "db0a8b0278f3a9544d80983d556cdc1fc5c8871edda557ee89839291e8fda503", "defc5faf7ad5fc8724732b6f7640bd046bc5bd6d71881a9e7ad317130e03033d", "e0b5542a22f5a0237f91cb73acee31edb0cb9ad3b2658efb7699dccb4f2874bd", "e625bbbd79092a4af8fe5e627f4c4eb61484376198a56fe116b08ebea7051b98", "ec8635e80198761abeff44ad5db5cafc10556a04248aa47d8b062f8051979512", "ed97fc6463df4a0ace0c7433c6dd9fc0ad5a7f901794cc6dab4a1884e6c43cb6", "f3908099391337e9a005f364d241bd4a2ca60394eda22fe9e76534bbe0ff1c4e", "f6ca6be39d76f549420956aae15bb4345981e1b742f0c4b5de537492ef6e4816", "fad237e71191aad78fc459aef244b0cfa8e46f67963d6f75566c34e65015f151"], "iocs": {"domain": [], "file": [{"hashes": ["09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c"], "path": "%TEMP%\\sfoWQ.txt"}, {"hashes": ["09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c"], "path": "%TEMP%\\sfoWQ.txt:Zone.Identifier"}, {"hashes": ["09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c"], "path": "%APPDATA%\\sfoWQ.txt"}], "ip": [], "mutex": [{"hashes": ["09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c"], "name": "Local\\10MU_ACB10_S-1-5-5-0-67863"}, {"hashes": ["09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c"], "name": "Local\\10MU_ACBPIDS_S-1-5-5-0-67863"}], "registry": [{"hashes": ["09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\FILEEXTS\\.JS", "value_name": null}, {"hashes": ["09214b75e113f9df8029db90913919de573c5d16ca8005453a9b4df5c2744ab4", "0d7dcea3a78eccc8abc6d1ddb7761bf5c0d15c79159af7af22fa6c06a7c76491", "1e9cef0c192fff11cba232a102639387bca0af47e9fcd160a55d20065c54cf08", "3a6e2f267fbdd6b5a1248c6e56612f18594e1d5c0a3d8d4d9dd69711f426913f", "49c980bb98d56a511b2adfe87a2e2f03dc172e1c0cab88fb72eaaca7d7f892fa", "4fd4219515547335f22d38747308304a193f3736f62c131a2866ba4ea8c2efab", "55c31c60c2143a851b33ba43bd05a4ca4ed1f49d34d650c764325d52159bd3bc", "57879f11611c36bfeec0fc76275ca7a98181382a6e9ee120980da2f63b200677", "5d7a2f9dbfdd4972d426ac27035251ca04b70ee49568a07b54b9b0bb20b539f6", "60c215a73729207311b3fa8bdf9d3a92979b3b4a3647c6473f8e9e94cc844d47", "61e6f84d6d68a96fd8d52f792c21b5121e218b405e14b08041fa1bcd7a2815f6", "6ace2eb7f0abd2231439d20ae7280432bfeffc0ff54030fd8b45c925788b5b45", "750e11c32b4992167d3b803e15d11d678a242f3accbde86e8b2897abea12017e", "7776a45f3bb6e284fc41398d99c7d4078d35333b29d0cd822d143c5662c6e981", "7935a802c774f09510b7ea92e1c71518308e3522c2f78e5a3b3514df9d26105f", "7c031d1f559da9eb3c4fcee035f403abb2dc3d19c0ac2a7b4f9ef87a21e9c45c", "807ab83a7b2a132266e1e127f46feb5b35a6a40b63154e5a52116fcb852adba4", "82dfb38db754f42799d4505d8f17ad12fc6d6830c32df2c3fa1aeabbedb5475f", "8fcb8cd84bbac5f2fd9431f7287702da9b5c59c3d3d7aa4db6ba456e87db5325", "91493c3eb2098e1dc17ae1966bbac80411bb43adc318f69680d845e74245c4c6", "93af1d5c4066a77c419cf00614044c269ef119582c428e8ff15a3da71328fdca", "94b5d0f1b6def10685e91c5f739acbfb09d533f440dba4f0f62a6f90a892b5e4", "9b3076343bb665bc9c0baa44f5b4d08ac9e74dc310906099e453b6270032106a", "a1668447abe6177554d6e752d61a74aaa135013b4bb9952becb248045da09b3f", "a1f553a776fa0302b46393ddb10d6130839018c28a1220bc8457ef18f17dc45c"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\SHELL\\BAGS\\160", "value_name": null}]}, "reports_count": 25}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-05-26T14:36:13+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Ransomware.Djvu-10002408-1", "Win.Virus.Ramnit-10002385-0", "Win.Trojan.Qakbot-10002083-1", "Win.Dropper.Tofsee-10002081-0", "Xls.Malware.Valyria-10002078-0", "Win.Dropper.Zeus-10002075-0", "Win.Packed.njRAT-10002074-1", "Win.Ransomware.TeslaCrypt-10002553-0"]}