{"Win.Downloader.Upatre-10003575-0": {"bis": [{"bi": "antivirus-service-flagged-artifact", "hashes": ["010fac5139b82b321981a91ff0f5d4e5f099d12507434444daa16f0b19b38825", "751f678451a083a52a47e78463232cb9d48a68450769244ebaa4c6b2e6e0b82b", "ee6fd2410076520921f3e0b0c92f1d49cb4761698e6153321a17240d0284dc20", "1aae1b61199b29d0e9c3887be69c4d4228e7030d86e3c15b5246c4e0bb47e0ce", "68b7763595a7baa39c5c7f7ea48d3537e541bc200947d7b1c727ee8aa036da7d", "72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025", "07526fdb8515176737d2b75cd161a23fbb9b6e24f715ad690bbbe29f92a3e37e", "bd9bad48136bff236abddf7f7bb43867147e8ceef3861331b4eaf81d255d46b5", "a275f74d769cfcc30e2c903f0ab6d0bf80945f406968e0dbf1bb272f7d4e7977", "338ae2aee340172e93599dea6dfdc4c8a5628f9e8f1f1c814d9a812b4cafe67d", "7a341ced949f3462f6d130ba72ce6dc310bcb3fdb1eb6258c9d8982cc14166f7", "90d5b5b3a6c4f42f0f841446abc41119b9fc98a71d007eb577ad57a88bf36178", "0025f3df6883176730c11dac5900248e88697beeefc2b416eeb269ed0e3f6d3d", "0a7e1e4186d76c4666eb488589e23c9bf0640ddc69ec0e51115bcca282266c50", "9ed33483d331c22d1b86dcada0f5992e39e98b546bf31a4c42341ace7b325f70", "3e0b9bcf7f7865ce98cbe2c87a7861f042dfc1843f881490344629b5fcc6126d", "a981b8bcc43366a937b1d430ba51ffea163f31fe7677bdcfb7e85933316ff7cb", "503505f469fab6de7541033fe3afac3ee5b4f19d5a8302053b85be7c80488823", "35f7b5f210514d3e7e27113d6f20a72dfc0ee9ad33c19e81ab0db9c864139644", "50bd00b339efa25ae7af859a73cd96209f1a2def1c0ce5e355b2540eb91f2990", "035d1ca9d46f6d91d25e1861f313b5efd49ce750e3728ee0bc406e884283be53", "92e1488eea266e986ed57bc6e9e4a1865922da4800262e65c26777179f28d5e5", "6a0e2dea633f6b1de94d30f46f2b9c914c76ee8c7e3dda513a5259b6721cbcd4", "3384ec513e547d2b7871157b10f796ec2ebcf808aec27c8a9e29af1b444f315b", "66a85cbecb34d3402306a6c9624479a5e31eec6dfb2fa2f3c3d5ee9b23cf5ce4", "8cf7459eff3f04765e169772f48f80530fce269caa7d0e3e686e6313988d0335", "2fbd448b7452dea7da39f66fee3400c07291bbd188045b5326cfc66a712fafba"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["010fac5139b82b321981a91ff0f5d4e5f099d12507434444daa16f0b19b38825", "751f678451a083a52a47e78463232cb9d48a68450769244ebaa4c6b2e6e0b82b", "ee6fd2410076520921f3e0b0c92f1d49cb4761698e6153321a17240d0284dc20", "1aae1b61199b29d0e9c3887be69c4d4228e7030d86e3c15b5246c4e0bb47e0ce", "68b7763595a7baa39c5c7f7ea48d3537e541bc200947d7b1c727ee8aa036da7d", "72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025", "07526fdb8515176737d2b75cd161a23fbb9b6e24f715ad690bbbe29f92a3e37e", "bd9bad48136bff236abddf7f7bb43867147e8ceef3861331b4eaf81d255d46b5", "a275f74d769cfcc30e2c903f0ab6d0bf80945f406968e0dbf1bb272f7d4e7977", "338ae2aee340172e93599dea6dfdc4c8a5628f9e8f1f1c814d9a812b4cafe67d", "7a341ced949f3462f6d130ba72ce6dc310bcb3fdb1eb6258c9d8982cc14166f7", "90d5b5b3a6c4f42f0f841446abc41119b9fc98a71d007eb577ad57a88bf36178", "0025f3df6883176730c11dac5900248e88697beeefc2b416eeb269ed0e3f6d3d", "0a7e1e4186d76c4666eb488589e23c9bf0640ddc69ec0e51115bcca282266c50", "9ed33483d331c22d1b86dcada0f5992e39e98b546bf31a4c42341ace7b325f70", "3e0b9bcf7f7865ce98cbe2c87a7861f042dfc1843f881490344629b5fcc6126d", "a981b8bcc43366a937b1d430ba51ffea163f31fe7677bdcfb7e85933316ff7cb", "503505f469fab6de7541033fe3afac3ee5b4f19d5a8302053b85be7c80488823", "35f7b5f210514d3e7e27113d6f20a72dfc0ee9ad33c19e81ab0db9c864139644", "50bd00b339efa25ae7af859a73cd96209f1a2def1c0ce5e355b2540eb91f2990", "035d1ca9d46f6d91d25e1861f313b5efd49ce750e3728ee0bc406e884283be53", "92e1488eea266e986ed57bc6e9e4a1865922da4800262e65c26777179f28d5e5", "6a0e2dea633f6b1de94d30f46f2b9c914c76ee8c7e3dda513a5259b6721cbcd4", "3384ec513e547d2b7871157b10f796ec2ebcf808aec27c8a9e29af1b444f315b", "66a85cbecb34d3402306a6c9624479a5e31eec6dfb2fa2f3c3d5ee9b23cf5ce4", "8cf7459eff3f04765e169772f48f80530fce269caa7d0e3e686e6313988d0335", "2fbd448b7452dea7da39f66fee3400c07291bbd188045b5326cfc66a712fafba"], "mitre_attack_tags": []}, {"bi": "pe-uses-fasm", "hashes": ["010fac5139b82b321981a91ff0f5d4e5f099d12507434444daa16f0b19b38825", "751f678451a083a52a47e78463232cb9d48a68450769244ebaa4c6b2e6e0b82b", "ee6fd2410076520921f3e0b0c92f1d49cb4761698e6153321a17240d0284dc20", "1aae1b61199b29d0e9c3887be69c4d4228e7030d86e3c15b5246c4e0bb47e0ce", "68b7763595a7baa39c5c7f7ea48d3537e541bc200947d7b1c727ee8aa036da7d", "72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025", "07526fdb8515176737d2b75cd161a23fbb9b6e24f715ad690bbbe29f92a3e37e", "bd9bad48136bff236abddf7f7bb43867147e8ceef3861331b4eaf81d255d46b5", "a275f74d769cfcc30e2c903f0ab6d0bf80945f406968e0dbf1bb272f7d4e7977", "338ae2aee340172e93599dea6dfdc4c8a5628f9e8f1f1c814d9a812b4cafe67d", "7a341ced949f3462f6d130ba72ce6dc310bcb3fdb1eb6258c9d8982cc14166f7", "90d5b5b3a6c4f42f0f841446abc41119b9fc98a71d007eb577ad57a88bf36178", "0025f3df6883176730c11dac5900248e88697beeefc2b416eeb269ed0e3f6d3d", "0a7e1e4186d76c4666eb488589e23c9bf0640ddc69ec0e51115bcca282266c50", "9ed33483d331c22d1b86dcada0f5992e39e98b546bf31a4c42341ace7b325f70", "3e0b9bcf7f7865ce98cbe2c87a7861f042dfc1843f881490344629b5fcc6126d", "a981b8bcc43366a937b1d430ba51ffea163f31fe7677bdcfb7e85933316ff7cb", "503505f469fab6de7541033fe3afac3ee5b4f19d5a8302053b85be7c80488823", "35f7b5f210514d3e7e27113d6f20a72dfc0ee9ad33c19e81ab0db9c864139644", "50bd00b339efa25ae7af859a73cd96209f1a2def1c0ce5e355b2540eb91f2990", "035d1ca9d46f6d91d25e1861f313b5efd49ce750e3728ee0bc406e884283be53", "92e1488eea266e986ed57bc6e9e4a1865922da4800262e65c26777179f28d5e5", "6a0e2dea633f6b1de94d30f46f2b9c914c76ee8c7e3dda513a5259b6721cbcd4", "3384ec513e547d2b7871157b10f796ec2ebcf808aec27c8a9e29af1b444f315b", "66a85cbecb34d3402306a6c9624479a5e31eec6dfb2fa2f3c3d5ee9b23cf5ce4", "8cf7459eff3f04765e169772f48f80530fce269caa7d0e3e686e6313988d0335", "2fbd448b7452dea7da39f66fee3400c07291bbd188045b5326cfc66a712fafba"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["010fac5139b82b321981a91ff0f5d4e5f099d12507434444daa16f0b19b38825", "751f678451a083a52a47e78463232cb9d48a68450769244ebaa4c6b2e6e0b82b", "ee6fd2410076520921f3e0b0c92f1d49cb4761698e6153321a17240d0284dc20", "1aae1b61199b29d0e9c3887be69c4d4228e7030d86e3c15b5246c4e0bb47e0ce", "68b7763595a7baa39c5c7f7ea48d3537e541bc200947d7b1c727ee8aa036da7d", "72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025", "07526fdb8515176737d2b75cd161a23fbb9b6e24f715ad690bbbe29f92a3e37e", "a275f74d769cfcc30e2c903f0ab6d0bf80945f406968e0dbf1bb272f7d4e7977", "338ae2aee340172e93599dea6dfdc4c8a5628f9e8f1f1c814d9a812b4cafe67d", "7a341ced949f3462f6d130ba72ce6dc310bcb3fdb1eb6258c9d8982cc14166f7", "90d5b5b3a6c4f42f0f841446abc41119b9fc98a71d007eb577ad57a88bf36178", "0025f3df6883176730c11dac5900248e88697beeefc2b416eeb269ed0e3f6d3d", "0a7e1e4186d76c4666eb488589e23c9bf0640ddc69ec0e51115bcca282266c50", "9ed33483d331c22d1b86dcada0f5992e39e98b546bf31a4c42341ace7b325f70", "3e0b9bcf7f7865ce98cbe2c87a7861f042dfc1843f881490344629b5fcc6126d", "a981b8bcc43366a937b1d430ba51ffea163f31fe7677bdcfb7e85933316ff7cb", "503505f469fab6de7541033fe3afac3ee5b4f19d5a8302053b85be7c80488823", "35f7b5f210514d3e7e27113d6f20a72dfc0ee9ad33c19e81ab0db9c864139644", "50bd00b339efa25ae7af859a73cd96209f1a2def1c0ce5e355b2540eb91f2990", "035d1ca9d46f6d91d25e1861f313b5efd49ce750e3728ee0bc406e884283be53", "92e1488eea266e986ed57bc6e9e4a1865922da4800262e65c26777179f28d5e5", "6a0e2dea633f6b1de94d30f46f2b9c914c76ee8c7e3dda513a5259b6721cbcd4", "3384ec513e547d2b7871157b10f796ec2ebcf808aec27c8a9e29af1b444f315b", "66a85cbecb34d3402306a6c9624479a5e31eec6dfb2fa2f3c3d5ee9b23cf5ce4", "8cf7459eff3f04765e169772f48f80530fce269caa7d0e3e686e6313988d0335", "2fbd448b7452dea7da39f66fee3400c07291bbd188045b5326cfc66a712fafba"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["010fac5139b82b321981a91ff0f5d4e5f099d12507434444daa16f0b19b38825", "751f678451a083a52a47e78463232cb9d48a68450769244ebaa4c6b2e6e0b82b", "ee6fd2410076520921f3e0b0c92f1d49cb4761698e6153321a17240d0284dc20", "1aae1b61199b29d0e9c3887be69c4d4228e7030d86e3c15b5246c4e0bb47e0ce", "68b7763595a7baa39c5c7f7ea48d3537e541bc200947d7b1c727ee8aa036da7d", "72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025", "07526fdb8515176737d2b75cd161a23fbb9b6e24f715ad690bbbe29f92a3e37e", "a275f74d769cfcc30e2c903f0ab6d0bf80945f406968e0dbf1bb272f7d4e7977", "338ae2aee340172e93599dea6dfdc4c8a5628f9e8f1f1c814d9a812b4cafe67d", "7a341ced949f3462f6d130ba72ce6dc310bcb3fdb1eb6258c9d8982cc14166f7", "90d5b5b3a6c4f42f0f841446abc41119b9fc98a71d007eb577ad57a88bf36178", "0025f3df6883176730c11dac5900248e88697beeefc2b416eeb269ed0e3f6d3d", "0a7e1e4186d76c4666eb488589e23c9bf0640ddc69ec0e51115bcca282266c50", "9ed33483d331c22d1b86dcada0f5992e39e98b546bf31a4c42341ace7b325f70", "3e0b9bcf7f7865ce98cbe2c87a7861f042dfc1843f881490344629b5fcc6126d", "a981b8bcc43366a937b1d430ba51ffea163f31fe7677bdcfb7e85933316ff7cb", "503505f469fab6de7541033fe3afac3ee5b4f19d5a8302053b85be7c80488823", "35f7b5f210514d3e7e27113d6f20a72dfc0ee9ad33c19e81ab0db9c864139644", "50bd00b339efa25ae7af859a73cd96209f1a2def1c0ce5e355b2540eb91f2990", "035d1ca9d46f6d91d25e1861f313b5efd49ce750e3728ee0bc406e884283be53", "92e1488eea266e986ed57bc6e9e4a1865922da4800262e65c26777179f28d5e5", "6a0e2dea633f6b1de94d30f46f2b9c914c76ee8c7e3dda513a5259b6721cbcd4", "3384ec513e547d2b7871157b10f796ec2ebcf808aec27c8a9e29af1b444f315b", "66a85cbecb34d3402306a6c9624479a5e31eec6dfb2fa2f3c3d5ee9b23cf5ce4", "8cf7459eff3f04765e169772f48f80530fce269caa7d0e3e686e6313988d0335", "2fbd448b7452dea7da39f66fee3400c07291bbd188045b5326cfc66a712fafba"], "mitre_attack_tags": []}, {"bi": "malware-upatre-detected", "hashes": ["010fac5139b82b321981a91ff0f5d4e5f099d12507434444daa16f0b19b38825", "751f678451a083a52a47e78463232cb9d48a68450769244ebaa4c6b2e6e0b82b", "ee6fd2410076520921f3e0b0c92f1d49cb4761698e6153321a17240d0284dc20", "1aae1b61199b29d0e9c3887be69c4d4228e7030d86e3c15b5246c4e0bb47e0ce", "68b7763595a7baa39c5c7f7ea48d3537e541bc200947d7b1c727ee8aa036da7d", "72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025", "07526fdb8515176737d2b75cd161a23fbb9b6e24f715ad690bbbe29f92a3e37e", "a275f74d769cfcc30e2c903f0ab6d0bf80945f406968e0dbf1bb272f7d4e7977", "338ae2aee340172e93599dea6dfdc4c8a5628f9e8f1f1c814d9a812b4cafe67d", "7a341ced949f3462f6d130ba72ce6dc310bcb3fdb1eb6258c9d8982cc14166f7", "90d5b5b3a6c4f42f0f841446abc41119b9fc98a71d007eb577ad57a88bf36178", "0025f3df6883176730c11dac5900248e88697beeefc2b416eeb269ed0e3f6d3d", "0a7e1e4186d76c4666eb488589e23c9bf0640ddc69ec0e51115bcca282266c50", "9ed33483d331c22d1b86dcada0f5992e39e98b546bf31a4c42341ace7b325f70", "3e0b9bcf7f7865ce98cbe2c87a7861f042dfc1843f881490344629b5fcc6126d", "a981b8bcc43366a937b1d430ba51ffea163f31fe7677bdcfb7e85933316ff7cb", "503505f469fab6de7541033fe3afac3ee5b4f19d5a8302053b85be7c80488823", "35f7b5f210514d3e7e27113d6f20a72dfc0ee9ad33c19e81ab0db9c864139644", "50bd00b339efa25ae7af859a73cd96209f1a2def1c0ce5e355b2540eb91f2990", "035d1ca9d46f6d91d25e1861f313b5efd49ce750e3728ee0bc406e884283be53", "92e1488eea266e986ed57bc6e9e4a1865922da4800262e65c26777179f28d5e5", "6a0e2dea633f6b1de94d30f46f2b9c914c76ee8c7e3dda513a5259b6721cbcd4", "3384ec513e547d2b7871157b10f796ec2ebcf808aec27c8a9e29af1b444f315b", "66a85cbecb34d3402306a6c9624479a5e31eec6dfb2fa2f3c3d5ee9b23cf5ce4", "8cf7459eff3f04765e169772f48f80530fce269caa7d0e3e686e6313988d0335", "2fbd448b7452dea7da39f66fee3400c07291bbd188045b5326cfc66a712fafba"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["010fac5139b82b321981a91ff0f5d4e5f099d12507434444daa16f0b19b38825", "751f678451a083a52a47e78463232cb9d48a68450769244ebaa4c6b2e6e0b82b", "ee6fd2410076520921f3e0b0c92f1d49cb4761698e6153321a17240d0284dc20", "1aae1b61199b29d0e9c3887be69c4d4228e7030d86e3c15b5246c4e0bb47e0ce", "68b7763595a7baa39c5c7f7ea48d3537e541bc200947d7b1c727ee8aa036da7d", "72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025", "07526fdb8515176737d2b75cd161a23fbb9b6e24f715ad690bbbe29f92a3e37e", "a275f74d769cfcc30e2c903f0ab6d0bf80945f406968e0dbf1bb272f7d4e7977", "338ae2aee340172e93599dea6dfdc4c8a5628f9e8f1f1c814d9a812b4cafe67d", "7a341ced949f3462f6d130ba72ce6dc310bcb3fdb1eb6258c9d8982cc14166f7", "90d5b5b3a6c4f42f0f841446abc41119b9fc98a71d007eb577ad57a88bf36178", "0025f3df6883176730c11dac5900248e88697beeefc2b416eeb269ed0e3f6d3d", "0a7e1e4186d76c4666eb488589e23c9bf0640ddc69ec0e51115bcca282266c50", "9ed33483d331c22d1b86dcada0f5992e39e98b546bf31a4c42341ace7b325f70", "3e0b9bcf7f7865ce98cbe2c87a7861f042dfc1843f881490344629b5fcc6126d", "a981b8bcc43366a937b1d430ba51ffea163f31fe7677bdcfb7e85933316ff7cb", "503505f469fab6de7541033fe3afac3ee5b4f19d5a8302053b85be7c80488823", "35f7b5f210514d3e7e27113d6f20a72dfc0ee9ad33c19e81ab0db9c864139644", "50bd00b339efa25ae7af859a73cd96209f1a2def1c0ce5e355b2540eb91f2990", "035d1ca9d46f6d91d25e1861f313b5efd49ce750e3728ee0bc406e884283be53", "92e1488eea266e986ed57bc6e9e4a1865922da4800262e65c26777179f28d5e5", "6a0e2dea633f6b1de94d30f46f2b9c914c76ee8c7e3dda513a5259b6721cbcd4", "3384ec513e547d2b7871157b10f796ec2ebcf808aec27c8a9e29af1b444f315b", "66a85cbecb34d3402306a6c9624479a5e31eec6dfb2fa2f3c3d5ee9b23cf5ce4", "8cf7459eff3f04765e169772f48f80530fce269caa7d0e3e686e6313988d0335", "2fbd448b7452dea7da39f66fee3400c07291bbd188045b5326cfc66a712fafba"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["010fac5139b82b321981a91ff0f5d4e5f099d12507434444daa16f0b19b38825", "751f678451a083a52a47e78463232cb9d48a68450769244ebaa4c6b2e6e0b82b", "ee6fd2410076520921f3e0b0c92f1d49cb4761698e6153321a17240d0284dc20", "1aae1b61199b29d0e9c3887be69c4d4228e7030d86e3c15b5246c4e0bb47e0ce", "68b7763595a7baa39c5c7f7ea48d3537e541bc200947d7b1c727ee8aa036da7d", "72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025", "07526fdb8515176737d2b75cd161a23fbb9b6e24f715ad690bbbe29f92a3e37e", "a275f74d769cfcc30e2c903f0ab6d0bf80945f406968e0dbf1bb272f7d4e7977", "338ae2aee340172e93599dea6dfdc4c8a5628f9e8f1f1c814d9a812b4cafe67d", "7a341ced949f3462f6d130ba72ce6dc310bcb3fdb1eb6258c9d8982cc14166f7", "90d5b5b3a6c4f42f0f841446abc41119b9fc98a71d007eb577ad57a88bf36178", "0025f3df6883176730c11dac5900248e88697beeefc2b416eeb269ed0e3f6d3d", "0a7e1e4186d76c4666eb488589e23c9bf0640ddc69ec0e51115bcca282266c50", "9ed33483d331c22d1b86dcada0f5992e39e98b546bf31a4c42341ace7b325f70", "3e0b9bcf7f7865ce98cbe2c87a7861f042dfc1843f881490344629b5fcc6126d", "a981b8bcc43366a937b1d430ba51ffea163f31fe7677bdcfb7e85933316ff7cb", "503505f469fab6de7541033fe3afac3ee5b4f19d5a8302053b85be7c80488823", "35f7b5f210514d3e7e27113d6f20a72dfc0ee9ad33c19e81ab0db9c864139644", "50bd00b339efa25ae7af859a73cd96209f1a2def1c0ce5e355b2540eb91f2990", "035d1ca9d46f6d91d25e1861f313b5efd49ce750e3728ee0bc406e884283be53", "92e1488eea266e986ed57bc6e9e4a1865922da4800262e65c26777179f28d5e5", "6a0e2dea633f6b1de94d30f46f2b9c914c76ee8c7e3dda513a5259b6721cbcd4", "3384ec513e547d2b7871157b10f796ec2ebcf808aec27c8a9e29af1b444f315b", "66a85cbecb34d3402306a6c9624479a5e31eec6dfb2fa2f3c3d5ee9b23cf5ce4", "8cf7459eff3f04765e169772f48f80530fce269caa7d0e3e686e6313988d0335", "2fbd448b7452dea7da39f66fee3400c07291bbd188045b5326cfc66a712fafba"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "url-forced-download-prompt", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": ["TA0005"]}, {"bi": "http-response-redirect", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "mitre_attack_tags": []}, {"bi": "pe-header-subsystem", "hashes": ["bd9bad48136bff236abddf7f7bb43867147e8ceef3861331b4eaf81d255d46b5"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Upatre is a trojan that is often delivered through spam emails with malicious attachments or links. It is known to be a downloader and installer for other malware.", "hashes": ["0025f3df6883176730c11dac5900248e88697beeefc2b416eeb269ed0e3f6d3d", "010fac5139b82b321981a91ff0f5d4e5f099d12507434444daa16f0b19b38825", "035d1ca9d46f6d91d25e1861f313b5efd49ce750e3728ee0bc406e884283be53", "07526fdb8515176737d2b75cd161a23fbb9b6e24f715ad690bbbe29f92a3e37e", "0a7e1e4186d76c4666eb488589e23c9bf0640ddc69ec0e51115bcca282266c50", "1aae1b61199b29d0e9c3887be69c4d4228e7030d86e3c15b5246c4e0bb47e0ce", "2fbd448b7452dea7da39f66fee3400c07291bbd188045b5326cfc66a712fafba", "3384ec513e547d2b7871157b10f796ec2ebcf808aec27c8a9e29af1b444f315b", "338ae2aee340172e93599dea6dfdc4c8a5628f9e8f1f1c814d9a812b4cafe67d", "35f7b5f210514d3e7e27113d6f20a72dfc0ee9ad33c19e81ab0db9c864139644", "3e0b9bcf7f7865ce98cbe2c87a7861f042dfc1843f881490344629b5fcc6126d", "503505f469fab6de7541033fe3afac3ee5b4f19d5a8302053b85be7c80488823", "50bd00b339efa25ae7af859a73cd96209f1a2def1c0ce5e355b2540eb91f2990", "66a85cbecb34d3402306a6c9624479a5e31eec6dfb2fa2f3c3d5ee9b23cf5ce4", "68b7763595a7baa39c5c7f7ea48d3537e541bc200947d7b1c727ee8aa036da7d", "6a0e2dea633f6b1de94d30f46f2b9c914c76ee8c7e3dda513a5259b6721cbcd4", "72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025", "751f678451a083a52a47e78463232cb9d48a68450769244ebaa4c6b2e6e0b82b", "7a341ced949f3462f6d130ba72ce6dc310bcb3fdb1eb6258c9d8982cc14166f7", "8cf7459eff3f04765e169772f48f80530fce269caa7d0e3e686e6313988d0335", "90d5b5b3a6c4f42f0f841446abc41119b9fc98a71d007eb577ad57a88bf36178", "92e1488eea266e986ed57bc6e9e4a1865922da4800262e65c26777179f28d5e5", "9ed33483d331c22d1b86dcada0f5992e39e98b546bf31a4c42341ace7b325f70", "a275f74d769cfcc30e2c903f0ab6d0bf80945f406968e0dbf1bb272f7d4e7977", "a981b8bcc43366a937b1d430ba51ffea163f31fe7677bdcfb7e85933316ff7cb", "b4b68618361127abb1ff66d070078722f6b0ea0028f06b73f01fa51a89569fca", "bd9bad48136bff236abddf7f7bb43867147e8ceef3861331b4eaf81d255d46b5", "cae9c7123f19f895e8703b2852343f29f66e17fdc8321a2d884ac4f937d2a159", "d0a68a7fdc54c85e6a01559703039bc87583b2cd16b00774c773b1664b8cf4ea", "d0cdd9e1b4f41a391351a2abe8a3fad0c1b632bdf56d12a8fea2b047c0726006", "d4b2ea713f3e729f8eea9d5959cca8c46050cf52343f5fc6c9cfba470cbb5ff3", "df91fbe54948c83347d0e4f98800c0ca075a65fcca24d4da604b4a896c7de223", "ee6fd2410076520921f3e0b0c92f1d49cb4761698e6153321a17240d0284dc20", "f73bcc977b37a118605108404a9c84b576011bd4379746e2eafeb2f246e9d2d0", "f90a604e091bb358224551a2849c11b98d5b24d16f5e343e0b35222003743a1f", "fc37e3faa50316cb8e502499512669dbd557e92ee0d5d5b6ef9925a348c9dc20"], "iocs": {"domain": [{"hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "host": "x1[.]i[.]lencr[.]org"}, {"hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "host": "infodienst[.]diakonie-sh[.]de"}, {"hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "host": "kaluhanimale[.]com[.]br"}], "file": [{"hashes": ["0025f3df6883176730c11dac5900248e88697beeefc2b416eeb269ed0e3f6d3d", "010fac5139b82b321981a91ff0f5d4e5f099d12507434444daa16f0b19b38825", "035d1ca9d46f6d91d25e1861f313b5efd49ce750e3728ee0bc406e884283be53", "07526fdb8515176737d2b75cd161a23fbb9b6e24f715ad690bbbe29f92a3e37e", "0a7e1e4186d76c4666eb488589e23c9bf0640ddc69ec0e51115bcca282266c50", "1aae1b61199b29d0e9c3887be69c4d4228e7030d86e3c15b5246c4e0bb47e0ce", "2fbd448b7452dea7da39f66fee3400c07291bbd188045b5326cfc66a712fafba", "3384ec513e547d2b7871157b10f796ec2ebcf808aec27c8a9e29af1b444f315b", "338ae2aee340172e93599dea6dfdc4c8a5628f9e8f1f1c814d9a812b4cafe67d", "35f7b5f210514d3e7e27113d6f20a72dfc0ee9ad33c19e81ab0db9c864139644", "3e0b9bcf7f7865ce98cbe2c87a7861f042dfc1843f881490344629b5fcc6126d", "503505f469fab6de7541033fe3afac3ee5b4f19d5a8302053b85be7c80488823", "50bd00b339efa25ae7af859a73cd96209f1a2def1c0ce5e355b2540eb91f2990", "66a85cbecb34d3402306a6c9624479a5e31eec6dfb2fa2f3c3d5ee9b23cf5ce4", "68b7763595a7baa39c5c7f7ea48d3537e541bc200947d7b1c727ee8aa036da7d", "6a0e2dea633f6b1de94d30f46f2b9c914c76ee8c7e3dda513a5259b6721cbcd4", "72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025", "751f678451a083a52a47e78463232cb9d48a68450769244ebaa4c6b2e6e0b82b", "7a341ced949f3462f6d130ba72ce6dc310bcb3fdb1eb6258c9d8982cc14166f7", "8cf7459eff3f04765e169772f48f80530fce269caa7d0e3e686e6313988d0335", "90d5b5b3a6c4f42f0f841446abc41119b9fc98a71d007eb577ad57a88bf36178", "92e1488eea266e986ed57bc6e9e4a1865922da4800262e65c26777179f28d5e5", "9ed33483d331c22d1b86dcada0f5992e39e98b546bf31a4c42341ace7b325f70", "a275f74d769cfcc30e2c903f0ab6d0bf80945f406968e0dbf1bb272f7d4e7977", "a981b8bcc43366a937b1d430ba51ffea163f31fe7677bdcfb7e85933316ff7cb", "ee6fd2410076520921f3e0b0c92f1d49cb4761698e6153321a17240d0284dc20"], "path": "%TEMP%\\uiszf.exe"}], "ip": [{"hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "ip": "94[.]23[.]247[.]202"}, {"hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "ip": "104[.]127[.]78[.]8"}, {"hashes": ["72607710f6e1dcea2105ffb997577ad687b1b9d7eb09ffcb5c89c032dd892025"], "ip": "85[.]13[.]138[.]100"}], "mutex": [], "registry": []}, "reports_count": 27}, "Win.Dropper.Bifrost-10003394-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["5e92bde9c6e41934843b329f30fa394747a78b0f1bf55fe238b6c5230b3a21ff", "89911b1d88e8830368dfcf69598339e1b7b19c3b3639f46beabd4b49020603b5", "03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac", "e6c754d5e9521b06975aeaaa4baf4dd28da809a738fc795caa621e8a35760c9c", "cd0861da22bc618b59fffcbb7d49724ae362e4a8699027016491b7f621f44d85", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b39b5dd08c5d720bb1c8eb7e1a11765b74f51e30c263650782168b0b3d54ab4b", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "8d097e10fd12d5ac2e845f74129c4b226eb806a250818bc618ccd2c861be6716", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "4a4bd82d14d058f9db132ac66bd2595276beb1237413328f04185103ac4a5faf", "a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "2a2fdae3db1da7c63f0f5011a96e641ca6bdf15519c478fbb6201f6434b2ec42", "fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542", "ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "e4c5327086aa98c3c4eabbba3cde5cc96bdb2ef4e560abb4e9c4e0f77614eedc", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "60e31846bf8abf55a9ec25ba662b8baf80274612050fa6fe99e310155d9efded", "08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "f356e4f20bd8ec4ab71f3b1589428c6b22993f6cf647b861c8303629bb4def53", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085", "ab2d876b1763b356b3ecd6d643092bc8c7dd82d1c0bc84867b6dc0ccf6d6d61b", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5e92bde9c6e41934843b329f30fa394747a78b0f1bf55fe238b6c5230b3a21ff", "89911b1d88e8830368dfcf69598339e1b7b19c3b3639f46beabd4b49020603b5", "03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac", "e6c754d5e9521b06975aeaaa4baf4dd28da809a738fc795caa621e8a35760c9c", "cd0861da22bc618b59fffcbb7d49724ae362e4a8699027016491b7f621f44d85", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "8d097e10fd12d5ac2e845f74129c4b226eb806a250818bc618ccd2c861be6716", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "4a4bd82d14d058f9db132ac66bd2595276beb1237413328f04185103ac4a5faf", "a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "e4c5327086aa98c3c4eabbba3cde5cc96bdb2ef4e560abb4e9c4e0f77614eedc", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "60e31846bf8abf55a9ec25ba662b8baf80274612050fa6fe99e310155d9efded", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "f356e4f20bd8ec4ab71f3b1589428c6b22993f6cf647b861c8303629bb4def53", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085", "ab2d876b1763b356b3ecd6d643092bc8c7dd82d1c0bc84867b6dc0ccf6d6d61b", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["5e92bde9c6e41934843b329f30fa394747a78b0f1bf55fe238b6c5230b3a21ff", "89911b1d88e8830368dfcf69598339e1b7b19c3b3639f46beabd4b49020603b5", "03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac", "e6c754d5e9521b06975aeaaa4baf4dd28da809a738fc795caa621e8a35760c9c", "cd0861da22bc618b59fffcbb7d49724ae362e4a8699027016491b7f621f44d85", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b39b5dd08c5d720bb1c8eb7e1a11765b74f51e30c263650782168b0b3d54ab4b", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "8d097e10fd12d5ac2e845f74129c4b226eb806a250818bc618ccd2c861be6716", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "4a4bd82d14d058f9db132ac66bd2595276beb1237413328f04185103ac4a5faf", "a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "2a2fdae3db1da7c63f0f5011a96e641ca6bdf15519c478fbb6201f6434b2ec42", "fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542", "ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "e4c5327086aa98c3c4eabbba3cde5cc96bdb2ef4e560abb4e9c4e0f77614eedc", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "60e31846bf8abf55a9ec25ba662b8baf80274612050fa6fe99e310155d9efded", "08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad", "f356e4f20bd8ec4ab71f3b1589428c6b22993f6cf647b861c8303629bb4def53", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085", "ab2d876b1763b356b3ecd6d643092bc8c7dd82d1c0bc84867b6dc0ccf6d6d61b", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["89911b1d88e8830368dfcf69598339e1b7b19c3b3639f46beabd4b49020603b5", "03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac", "e6c754d5e9521b06975aeaaa4baf4dd28da809a738fc795caa621e8a35760c9c", "cd0861da22bc618b59fffcbb7d49724ae362e4a8699027016491b7f621f44d85", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "8d097e10fd12d5ac2e845f74129c4b226eb806a250818bc618ccd2c861be6716", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "4a4bd82d14d058f9db132ac66bd2595276beb1237413328f04185103ac4a5faf", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "e4c5327086aa98c3c4eabbba3cde5cc96bdb2ef4e560abb4e9c4e0f77614eedc", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "60e31846bf8abf55a9ec25ba662b8baf80274612050fa6fe99e310155d9efded", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "f356e4f20bd8ec4ab71f3b1589428c6b22993f6cf647b861c8303629bb4def53", "ab2d876b1763b356b3ecd6d643092bc8c7dd82d1c0bc84867b6dc0ccf6d6d61b", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["89911b1d88e8830368dfcf69598339e1b7b19c3b3639f46beabd4b49020603b5", "03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac", "e6c754d5e9521b06975aeaaa4baf4dd28da809a738fc795caa621e8a35760c9c", "cd0861da22bc618b59fffcbb7d49724ae362e4a8699027016491b7f621f44d85", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "8d097e10fd12d5ac2e845f74129c4b226eb806a250818bc618ccd2c861be6716", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "4a4bd82d14d058f9db132ac66bd2595276beb1237413328f04185103ac4a5faf", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "e4c5327086aa98c3c4eabbba3cde5cc96bdb2ef4e560abb4e9c4e0f77614eedc", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "60e31846bf8abf55a9ec25ba662b8baf80274612050fa6fe99e310155d9efded", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "f356e4f20bd8ec4ab71f3b1589428c6b22993f6cf647b861c8303629bb4def53", "ab2d876b1763b356b3ecd6d643092bc8c7dd82d1c0bc84867b6dc0ccf6d6d61b", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-hollowing-detected", "hashes": ["89911b1d88e8830368dfcf69598339e1b7b19c3b3639f46beabd4b49020603b5", "03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "e6c754d5e9521b06975aeaaa4baf4dd28da809a738fc795caa621e8a35760c9c", "cd0861da22bc618b59fffcbb7d49724ae362e4a8699027016491b7f621f44d85", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "8d097e10fd12d5ac2e845f74129c4b226eb806a250818bc618ccd2c861be6716", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "4a4bd82d14d058f9db132ac66bd2595276beb1237413328f04185103ac4a5faf", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "e4c5327086aa98c3c4eabbba3cde5cc96bdb2ef4e560abb4e9c4e0f77614eedc", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "60e31846bf8abf55a9ec25ba662b8baf80274612050fa6fe99e310155d9efded", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "f356e4f20bd8ec4ab71f3b1589428c6b22993f6cf647b861c8303629bb4def53", "ab2d876b1763b356b3ecd6d643092bc8c7dd82d1c0bc84867b6dc0ccf6d6d61b", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-section-execute-writable", "hashes": ["5e92bde9c6e41934843b329f30fa394747a78b0f1bf55fe238b6c5230b3a21ff", "89911b1d88e8830368dfcf69598339e1b7b19c3b3639f46beabd4b49020603b5", "03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac", "e6c754d5e9521b06975aeaaa4baf4dd28da809a738fc795caa621e8a35760c9c", "cd0861da22bc618b59fffcbb7d49724ae362e4a8699027016491b7f621f44d85", "b39b5dd08c5d720bb1c8eb7e1a11765b74f51e30c263650782168b0b3d54ab4b", "8d097e10fd12d5ac2e845f74129c4b226eb806a250818bc618ccd2c861be6716", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "4a4bd82d14d058f9db132ac66bd2595276beb1237413328f04185103ac4a5faf", "a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "2a2fdae3db1da7c63f0f5011a96e641ca6bdf15519c478fbb6201f6434b2ec42", "fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542", "ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3", "e4c5327086aa98c3c4eabbba3cde5cc96bdb2ef4e560abb4e9c4e0f77614eedc", "60e31846bf8abf55a9ec25ba662b8baf80274612050fa6fe99e310155d9efded", "08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad", "f356e4f20bd8ec4ab71f3b1589428c6b22993f6cf647b861c8303629bb4def53", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085", "ab2d876b1763b356b3ecd6d643092bc8c7dd82d1c0bc84867b6dc0ccf6d6d61b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b39b5dd08c5d720bb1c8eb7e1a11765b74f51e30c263650782168b0b3d54ab4b", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-blank-name", "hashes": ["ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-asprotect", "hashes": ["ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-no-dos", "hashes": ["03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "b39b5dd08c5d720bb1c8eb7e1a11765b74f51e30c263650782168b0b3d54ab4b", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-paragraphs", "hashes": ["03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "b39b5dd08c5d720bb1c8eb7e1a11765b74f51e30c263650782168b0b3d54ab4b", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialsp", "hashes": ["03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "b39b5dd08c5d720bb1c8eb7e1a11765b74f51e30c263650782168b0b3d54ab4b", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialip", "hashes": ["03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "b39b5dd08c5d720bb1c8eb7e1a11765b74f51e30c263650782168b0b3d54ab4b", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-file-in-user-dir", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542", "ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": []}, {"bi": "pe-header-numofsymbols", "hashes": ["03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "b39b5dd08c5d720bb1c8eb7e1a11765b74f51e30c263650782168b0b3d54ab4b", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "60e31846bf8abf55a9ec25ba662b8baf80274612050fa6fe99e310155d9efded", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16"], "mitre_attack_tags": []}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16"], "mitre_attack_tags": ["TA0007", "TA0009", "T1120", "T1025"]}, {"bi": "network-fast-flux-domain", "hashes": ["dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16"], "mitre_attack_tags": []}, {"bi": "http-response-server-error", "hashes": ["dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c", "fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542", "ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c", "fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542", "ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c", "fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542", "ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-prior", "hashes": ["a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c", "ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": ["TA0003"]}, {"bi": "modified-file-in-system-dir", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-with-multiple-children", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-safe-categories", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": []}, {"bi": "malware-xtreme-rat-default-mutex-detected", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-packed-mpress", "hashes": ["f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-null", "hashes": ["f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. Bifrost uses a mutex that may be named \"Bif1234,\" or \"Tr0gBot\" as signs that it's been successful. ", "hashes": ["03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "2a2fdae3db1da7c63f0f5011a96e641ca6bdf15519c478fbb6201f6434b2ec42", "457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac", "4a4bd82d14d058f9db132ac66bd2595276beb1237413328f04185103ac4a5faf", "5e92bde9c6e41934843b329f30fa394747a78b0f1bf55fe238b6c5230b3a21ff", "60e31846bf8abf55a9ec25ba662b8baf80274612050fa6fe99e310155d9efded", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590", "739be7ae257e3e0d410ce63b06c12e9b78a8547c3dcc0db51aaf2b08e21d44f8", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "894a0f93d1b6ae784ea66a94316c9f8eae96f0cba6758dc56d188b1d854e61a8", "89911b1d88e8830368dfcf69598339e1b7b19c3b3639f46beabd4b49020603b5", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "8d097e10fd12d5ac2e845f74129c4b226eb806a250818bc618ccd2c861be6716", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "ab2d876b1763b356b3ecd6d643092bc8c7dd82d1c0bc84867b6dc0ccf6d6d61b", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000", "b39b5dd08c5d720bb1c8eb7e1a11765b74f51e30c263650782168b0b3d54ab4b", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "cd0861da22bc618b59fffcbb7d49724ae362e4a8699027016491b7f621f44d85", "cfed488010c478197a1f8b7b8d6105e38d09a2bf8366c08f0420e2262ed7b52e", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "e4c5327086aa98c3c4eabbba3cde5cc96bdb2ef4e560abb4e9c4e0f77614eedc", "e6c754d5e9521b06975aeaaa4baf4dd28da809a738fc795caa621e8a35760c9c", "ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f", "f356e4f20bd8ec4ab71f3b1589428c6b22993f6cf647b861c8303629bb4def53", "f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085", "fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542"], "iocs": {"domain": [{"hashes": ["05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f"], "host": "o-o---preferred---algerietelecom-alg1---v11---lscache8[.]c[.]youtube[.]com"}, {"hashes": ["76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f"], "host": "o-o[.]preferred[.]algerietelecom-alg1[.]v10[.]lscache7[.]c[.]youtube[.]com"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "host": "kazanthehacker[.]no-ip[.]biz"}], "file": [{"hashes": ["05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "ae4856c49aac3fa4e058b4e2392a18e0a5dfe69b82d3a13d1b468d1f8e4c0000"], "path": "%APPDATA%\\addons.dat"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "path": "%SystemRoot%\\InstallDir"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "path": "%SystemRoot%\\InstallDir\\Server.exe"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "path": "%TEMP%\\x.html"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "path": "%APPDATA%\\Microsoft\\Windows\\((Mutex)).cfg"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "path": "%APPDATA%\\Microsoft\\Windows\\((Mutex)).dat"}, {"hashes": ["f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085"], "path": "\\TEMP\\f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085.exe-up.txt"}, {"hashes": ["08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad"], "path": "\\TEMP\\08d25f18e27e564f0883159978b50290e7ebd2912d1b05d0b2aa8392a5f5c3ad.exe-up.txt"}, {"hashes": ["a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c"], "path": "\\TEMP\\a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c.exe-up.txt"}, {"hashes": ["ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3"], "path": "\\TEMP\\ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3.exe-up.txt"}, {"hashes": ["fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542"], "path": "\\TEMP\\fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542.exe-up.txt"}], "ip": [{"hashes": ["05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f"], "ip": "142[.]251[.]40[.]110"}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "ip": "94[.]198[.]224[.]183"}], "mutex": [{"hashes": ["03a486f1e58a32af783feb2273f139d67122266734e907782c5b6c41761329fd", "05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0c9998474a98ff2c888ce06321cd1ca96638605b4e2cd6c5718a81a2f1512b68", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "60e31846bf8abf55a9ec25ba662b8baf80274612050fa6fe99e310155d9efded", "698383bfc72fd8365db3c5d813a7de3e0382e94b277540611758bf14521c0590", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "89911b1d88e8830368dfcf69598339e1b7b19c3b3639f46beabd4b49020603b5", "8ad02d524a25295aa279cfe2b74163c4691ac7b6f21077c2ae2e214d1df6208a", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "aa018e7efbfd40775ce525ac2b04bcf27f2f2218808e0071a84b41584e9ce429", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f"], "name": "<random, matching [a-zA-Z0-9]{5,9}>"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "name": "XTREMEUPDATE"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "name": "((Mutex))"}, {"hashes": ["f4e67cdc9c5c2547833f8a35d3436e51af2934e8d2a3ed280e254bfaf3c25085"], "name": "Global\\a393cd01-ffd9-11ed-9660-001517e12f47"}, {"hashes": ["a593220da78456dd5469edf080f5fe9dba4ae832f33abe8d47ce69ad68ddf22c"], "name": "Global\\0c0f8821-ffd9-11ed-9660-00151716a7e4"}, {"hashes": ["ea64a1c424d6b6fb01662d7fabfdde8e6e1759ce623d400af77519e9f389dad3"], "name": "Global\\2781b741-ffd9-11ed-9660-001517ee3e82"}, {"hashes": ["fae008550d11d591bd8a205e020d9d0fd48bdc2e581ae7463f0e8698e2a22542"], "name": "Global\\1dbccce1-ffd9-11ed-9660-001517e5ebdf"}], "registry": [{"hashes": ["05766408d060971c3a733be4c0769c62d7a7f65c482eec3539eb856af2f27fa2", "0f32c1e4073454efafe313094bb5d6c9f990e700d69cb4ca7e699a5328791e5d", "1b013415c69fa449fd92d5f2af6ef028063cafba50edaa348935637c31b863eb", "76f45f300c257f6b9b675a633a58e6cfa959b45f0d8c4adfc218b944db25e98f", "7d91952bb27f017806f964f1e5a4e9a60722b28dbaa821e5c3e1164ff63d9a16", "a1fe7e8686cc160e1d2f5eb2e6a050a1f5f408f33b32653c82f4c62704d4edd2", "b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee", "dcfaae18231f3ab2c2e39d3a8cfdaf0c2d9c32151ca4fe74cff3abc3be081654", "ea8d18344af83a13d77c9f4fc04ea558519d8fcbf7de0c92653bb530110ab85f"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\MEDIAPLAYER\\HEALTH\\{AA317502-AC9B-420F-AF7C-5E2088BA5EEA}", "value_name": null}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKLM"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKCU"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": "StubPath"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": "InstalledServer"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": null}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{5460C4DF-B266-909E-CB58-E32B79832EB2}", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION\\NETWORK", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION\\NETWORK\\HTTPD", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION\\NETWORK\\HTTPD\\PROXY", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA\\WMSDK\\LOCAL", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA\\WMSDK\\LOCAL\\AUTOPROXYCACHE", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA\\WMSDK\\LOCAL\\AUTOPROXYCACHE\\LAN", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA\\WMSDK\\LOCAL\\AUTOPROXYCACHE\\LAN", "value_name": "AutodiscoveryFlags"}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA\\WMSDK\\LOCAL\\AUTOPROXYCACHE\\LAN", "value_name": "DetectedInterfaceIpCount"}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA\\WMSDK\\LOCAL\\AUTOPROXYCACHE\\LAN", "value_name": "LastDetectHighDateTime"}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA\\WMSDK\\LOCAL\\AUTOPROXYCACHE\\LAN", "value_name": "LastDetectLowDateTime"}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA\\WMSDK\\LOCAL\\AUTOPROXYCACHE\\LAN", "value_name": "LastDetectTime"}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA\\WMSDK\\LOCAL\\AUTOPROXYCACHE\\LAN", "value_name": "LastDetectUrl"}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION\\NETWORK\\ROLLOVER", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION\\NETWORK\\ROLLOVER\\GENERAL", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION\\NETWORK\\ROLLOVER\\LATCHSET", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION\\NETWORK\\ROLLOVER\\GENERAL", "value_name": "Count"}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION\\NETWORK\\ROLLOVER\\GENERAL", "value_name": "Time"}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION\\NETWORK\\ROLLOVER\\LATCHSET\\E1A5055A471B7D71BC311C1EB8A52317D85DA6DC39F9557BE40C44595FDD86D9", "value_name": null}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA FOUNDATION\\NETWORK\\ROLLOVER\\GENERAL", "value_name": "SetTime"}, {"hashes": ["b97a43554d455344d2688c4af8024b4deedd8eda44ffff80b6b04595c9eecdee"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS MEDIA\\WMSDK\\LOCAL\\AUTOPROXYCACHE\\LAN", "value_name": "DetectedInterfaceIps"}, {"hashes": ["457a99913c4786a464eed2c5071df024e929860dd9cbb5067fde5ada1e4c91ac"], "key": "<HKCU>\\SOFTWARE\\((MUTEX))", "value_name": "ServerStarted"}]}, "reports_count": 36}, "Win.Dropper.DarkKomet-10003567-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["22640c422be4ff514eade1863c819fbf393139f6e41347c666ac48255abd82c6", "ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e", "ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["22640c422be4ff514eade1863c819fbf393139f6e41347c666ac48255abd82c6", "ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e", "ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["22640c422be4ff514eade1863c819fbf393139f6e41347c666ac48255abd82c6", "ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e", "ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "process-hollowing-detected", "hashes": ["22640c422be4ff514eade1863c819fbf393139f6e41347c666ac48255abd82c6", "ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e", "ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-encrypted-section", "hashes": ["22640c422be4ff514eade1863c819fbf393139f6e41347c666ac48255abd82c6", "ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e", "ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["22640c422be4ff514eade1863c819fbf393139f6e41347c666ac48255abd82c6", "ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["22640c422be4ff514eade1863c819fbf393139f6e41347c666ac48255abd82c6", "ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e", "ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "created-executable-in-user-dir", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "cmd-exe-file-execution", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-long-cmdline", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-modification-reg", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "modified-file-on-usb", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "windows-firewall-modification", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-firewall-exceptions-enabled", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "shades-rat-detected", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "T1562", "T1112"]}, {"bi": "malware-dorkbot-cmd-detected", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-activesetup-key-modified", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0003"]}, {"bi": "pe-vb-imports-toolhelp", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "dns-query-nxdomain", "hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228"], "mitre_attack_tags": []}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-requested-softice", "hashes": ["3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-packed-upx", "hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "enumeration-browser-information", "hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "feed-domain-rat", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "mitre_attack_tags": []}, {"bi": "potential-registry-persistence", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "mitre_attack_tags": ["TA0003"]}, {"bi": "unsigned-roaming-execution", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "mitre_attack_tags": ["TA0005"]}, {"bi": "created-executable-sample-appdata", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-uses-armadillo", "hashes": ["f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "hook-installed", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "malware-darkcomet-detected", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "mitre_attack_tags": []}, {"bi": "registry-disable-windefender", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "disables-security-center-notifications", "hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "modified-file-in-system-dir", "hashes": ["623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228"], "mitre_attack_tags": []}, {"bi": "process-explorer-suspicious-launch", "hashes": ["623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "process-with-multiple-children", "hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-generic-infostealer", "hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "artifact-vm-detect", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "usb-drive-autoplay-modification", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "mitre_attack_tags": ["TA0007", "TA0009", "T1120", "T1025"]}, {"bi": "process-check-syser-debugger", "hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "network-communications-http-get", "hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "process-requested-named-pipe", "hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "listening-port-opened", "hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "file-pending-delete", "hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "internet-explorer-phishing", "hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "network-snort-browser", "hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "mitre_attack_tags": []}, {"bi": "script-contains-url", "hashes": ["f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "mitre_attack_tags": []}, {"bi": "firefox-prefs-modified", "hashes": ["f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "mitre_attack_tags": ["TA0009"]}, {"bi": "internet-explorer-homepage-modified", "hashes": ["f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "mitre_attack_tags": ["TA0009"]}, {"bi": "files-deleted-used-batch", "hashes": ["de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "mitre_attack_tags": ["TA0005"]}, {"bi": "files-created-batch", "hashes": ["de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "mitre_attack_tags": ["TA0002", "T1059"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "DarkKomet is a freeware remote access trojan released by an independent software developer. It provides the same functionality expected from a trojan, such as keylogging, webcam access, microphone access, remote desktop, URL download and program execution.", "hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "22640c422be4ff514eade1863c819fbf393139f6e41347c666ac48255abd82c6", "3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27", "ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c", "de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5", "f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "iocs": {"domain": [{"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "host": "idisconnectpeople[.]no-ip[.]info"}, {"hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "host": "blackshades[.]info"}, {"hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "host": "mayfair[.]hazardflow[.]info"}, {"hashes": ["623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228"], "host": "snkbot[.]no-ip[.]org"}, {"hashes": ["e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "host": "incognegro[.]zapto[.]org"}, {"hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "host": "hf55[.]no-ip[.]biz"}, {"hashes": ["de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "host": "pit[.]deepbit[.]net"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "host": "liquidus2[.]no-ip[.]biz"}], "file": [{"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "path": "\\Autorun.ini"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "path": "E:\\Autorun.ini"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "path": "%APPDATA%\\explorer"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "path": "%APPDATA%\\explorer\\googlechrome"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "path": "%APPDATA%\\explorer\\local.exe"}, {"hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "path": "\\autorun.inf"}, {"hashes": ["f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\prefs.js"}, {"hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "path": "E:\\autorun.inf"}, {"hashes": ["22640c422be4ff514eade1863c819fbf393139f6e41347c666ac48255abd82c6"], "path": "%APPDATA%\\chrtmp"}, {"hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "path": "\\Windupdt"}, {"hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "path": "\\Windupdt\\winupdate.exe"}, {"hashes": ["623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228"], "path": "%SystemRoot%\\SysWOW64\\Windupdt"}, {"hashes": ["623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228"], "path": "%SystemRoot%\\SysWOW64\\Windupdt\\winupdate.exe"}, {"hashes": ["e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "path": "%APPDATA%\\Java.exe"}, {"hashes": ["f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "path": "%APPDATA%\\windows.exe"}, {"hashes": ["de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "path": "%TEMP%\\help.bat"}, {"hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "path": "%APPDATA%\\Microsoft\\lsass.exe"}, {"hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "path": "\\TEMP\\chro.dat"}, {"hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "path": "\\TEMP\\dial.dat"}, {"hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "path": "\\TEMP\\mess.dat"}, {"hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "path": "\\TEMP\\mail.dat"}, {"hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "path": "\\TEMP\\ptsg.dat"}, {"hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "path": "\\TEMP\\iexp.dat"}, {"hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "path": "\\TEMP\\opra.dat"}, {"hashes": ["ebf5882fd086a182a61f2906b3414230746985fd5837d9175fb8a60916ea46e2"], "path": "\\TEMP\\ffox.dat"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "path": "\\globpluginspipe"}, {"hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "path": "E:\\lsass.exe"}, {"hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "path": "\\lsass.exe"}, {"hashes": ["de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "path": "%TEMP%\\miner.exe"}, {"hashes": ["de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "path": "%TEMP%\\udpconf1.exe"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "path": "E:\\0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd.exe"}, {"hashes": ["e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "path": "%APPDATA%\\encdata"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "path": "\\alexej.Bin"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "path": "\\alexej.Bin\\491B57F0457.exe"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "path": "%TEMP%\\O9c7245.exe"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "path": "%TEMP%\\O9c7245.tmp"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "path": "\\alexej.Bin\\765B5220DDD9E7E"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "path": "\\0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd.exe"}, {"hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "path": "E:\\78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d.exe"}, {"hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "path": "\\78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d.exe"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "path": "E:\\901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9.exe"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "path": "%TEMP%\\june.exe"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "path": "%TEMP%\\june2"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "path": "\\901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9.exe"}], "ip": [{"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "ip": "78[.]159[.]135[.]230"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "ip": "23[.]49[.]102[.]35"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "ip": "92[.]241[.]164[.]226"}], "mutex": [{"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c", "f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "name": "<random, matching [A-Z0-9]{10}>"}, {"hashes": ["3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e"], "name": "_x_X_BLOCKMOUSE_X_x_"}, {"hashes": ["3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e"], "name": "_x_X_PASSWORDLIST_X_x_"}, {"hashes": ["3d5672271dce5a19477c12854cfc9f224a41b33227ab6b8b30922126136ebb9e"], "name": "_x_X_UPDATE_X_x_"}, {"hashes": ["ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "name": "DC_MUTEX-F54S21D"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "name": "zXeRY3a_PtW|00000000"}, {"hashes": ["c8b2959233223bd921754946e44b73a6ba0c55722deeebfb7e6d2eca00148c27"], "name": "^F3*%P$-D4rQ"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "name": "Global\\autodateService"}, {"hashes": ["623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228"], "name": "DC_MUTEX-0TUK2B2"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "name": "Global\\SoS9WKC7SI9OK7SYGECG9YWWMKSK7CG"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "name": "Global\\OWoIWCUAG5YUAKsSQ9UKkO9kq1YmGWS"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "name": "Global\\autodateServicu"}], "registry": [{"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DoNotAllowExceptions"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\INSTALL", "value_name": null}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS", "value_name": null}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": null}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\SRVID", "value_name": null}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\SRVID\\ID", "value_name": null}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d", "901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9", "e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\INSTALL\\DATE", "value_name": null}, {"hashes": ["623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["623d563a4b10b4c2c79651a9228317a7658a3e295b4a16234fbcf0f156b85228", "ca41b01ac9a58a1264ef99d6768867b5f8faa2a0a25fbe9b4f3a808a5403462c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "winupdater"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\BLANK", "value_name": null}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\BLANK", "value_name": null}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\SRVID\\ID", "value_name": "DC596I04Z1"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "blank"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "blank"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "blank"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\BLANK", "value_name": "StubPath"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\BLANK", "value_name": "StubPath"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\INSTALL\\DATE", "value_name": "DC596I04Z1"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd", "78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\explorer\\local.exe"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Login access"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{9BF73D4D-CEB3-CB24-E75B-560EEDBE2CA5}", "value_name": null}, {"hashes": ["e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{9BF73D4D-CEB3-CB24-E75B-560EEDBE2CA5}", "value_name": null}, {"hashes": ["e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{9BF73D4D-CEB3-CB24-E75B-560EEDBE2CA5}", "value_name": "StubPath"}, {"hashes": ["e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{9BF73D4D-CEB3-CB24-E75B-560EEDBE2CA5}", "value_name": "StubPath"}, {"hashes": ["e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\SRVID\\ID", "value_name": "HFK6JJNTY7"}, {"hashes": ["e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\INSTALL\\DATE", "value_name": "HFK6JJNTY7"}, {"hashes": ["e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "C:\\TEMP\\e1110329c1f8ef7c54506a4ad279d1560609d4b8eab7da8e68fafbfa5f78948c.exe"}, {"hashes": ["de6b551a67008f464c5b0e4e7f38d2757eb95f918ee397782897bce8e258b50a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "CPU Config"}, {"hashes": ["f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Login access"}, {"hashes": ["f29de80fc940c88fd423fc0dd88d48e3ab131f0d3fd0dc9344f79bfd6855a3f5"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION", "value_name": "Start Page"}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7F5WWG7X7IUBYA4EHRPGRQITEBA"}, {"hashes": ["0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "C:\\TEMP\\0288fb5c371a33c58883927f547cefb16b0165ad7c9e922f0afa0d6b726296fd.exe"}, {"hashes": ["78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "C:\\TEMP\\78c41240c9dd752e4fc0aa7c5cd72764cac96ad07a59492e23f0617abc6b3e9d.exe"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{8CCBF1C1-D87F-DEF7-A8C2-F72C9EE97AED}", "value_name": null}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{8CCBF1C1-D87F-DEF7-A8C2-F72C9EE97AED}", "value_name": null}, {"hashes": ["f500baa7beaedf08be0feaa75a33812495fde2648a80c2f5e64526f6879b4bb6"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT WINDOWS", "value_name": "000002A6A6BAAFC4"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Windows Defender"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{8CCBF1C1-D87F-DEF7-A8C2-F72C9EE97AED}", "value_name": "StubPath"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{8CCBF1C1-D87F-DEF7-A8C2-F72C9EE97AED}", "value_name": "StubPath"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\SRVID\\ID", "value_name": "51L7PL6RBW"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\INSTALL\\DATE", "value_name": "51L7PL6RBW"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "C:\\TEMP\\901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9.exe"}, {"hashes": ["901a662f47c5423de665e80c39dd46d3763a292b169b19fcdb89f139fcb2e4c9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\june.exe"}]}, "reports_count": 13}, "Win.Dropper.Glupteba-10003588-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "enumeration-browser-information", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "windows-util-schtask", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "potential-registry-persistence", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0003"]}, {"bi": "cmd-exe-file-execution", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-vm", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "modified-file-in-system-dir", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-imports-empty", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "excessive-process-creates", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "pe-certificate", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "netsh-firewall-generic", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-imports-exe", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-virtualbox", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "registry-service-type-modified", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "bcdedit-disable-recovery", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "pe-header-subsystem", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "enumeration-bcdedit", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "windows-util-bcdedit", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-check-vmware", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "sc-service-security-descriptor-modified", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-security-descriptor-deny", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-query-txt", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "network-discord-domain-detected", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "dns-query-stun", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "listening-port-opened", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "pe-packed-upx", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-system-dir", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-initialsp", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "embedded-pe-resource2", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-null", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-relocations", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "file-pending-delete", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-query-nxdomain", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "dns-punycode-domain-detected", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "mitre_attack_tags": ["TA0011", "TA0005", "T1132", "T1027"]}, {"bi": "hook-installed", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "malware-known-trojan-av", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-trojan-coinminer-detected", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-malware", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": []}, {"bi": "cryptonight-library-detected", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": []}, {"bi": "malware-pe-stratum-coinminer", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "mitre_attack_tags": []}, {"bi": "localhost-ipaddress-detected", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "network-opendns-malicious", "hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Glupteba is a multi-purpose trojan that is known to use the infected machine to mine cryptocurrency and also steals sensitive information like usernames and passwords, spreads over the network using exploits like EternalBlue, and leverages a rootkit component to remain hidden. Glupteba has also been observed using the Bitcoin blockchain to store configuration information.", "hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "iocs": {"domain": [{"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "msdl[.]microsoft[.]com"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "vsblobprodscussu5shard35[.]blob[.]core[.]windows[.]net"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "vsblobprodscussu5shard60[.]blob[.]core[.]windows[.]net"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "cdn[.]discordapp[.]com"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "fastprivate[.]me"}, {"hashes": ["cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "stun1[.]l[.]google[.]com"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "host": "stun[.]ipfire[.]org"}, {"hashes": ["c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "host": "stun4[.]l[.]google[.]com"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]mastiakele[.]ae[.]org"}, {"hashes": ["fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "stun[.]l[.]google[.]com"}, {"hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "host": "stun[.]stunprotocol[.]org"}, {"hashes": ["daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "host": "stun2[.]l[.]google[.]com"}, {"hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "host": "stun3[.]l[.]google[.]com"}, {"hashes": ["d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed"], "host": "server3[.]mastiakele[.]icu"}, {"hashes": ["d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]mastiakele[.]icu"}, {"hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]\\xd0\\xbe\\xd0\\xba\\xd1\\x80\\xd1\\x84[.]\\xd1\\x80\\xd1\\x84"}, {"hashes": ["cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]zaoshanghaoz[.]net"}, {"hashes": ["c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]mastiakele[.]cyou"}, {"hashes": ["f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]cdneurop[.]cloud"}, {"hashes": ["fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]zaoshanghao[.]su"}, {"hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]zaoshang[.]ru"}, {"hashes": ["cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835"], "host": "server4[.]zaoshanghaoz[.]net"}, {"hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "host": "server6[.]zaoshang[.]ru"}, {"hashes": ["c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e"], "host": "server14[.]mastiakele[.]cyou"}, {"hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "host": "server1[.]xn--j1ahhq[.]xn--p1ai"}, {"hashes": ["f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "host": "server15[.]cdneurop[.]cloud"}, {"hashes": ["daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "host": "server11[.]mastiakele[.]ae[.]org"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "host": "server10[.]mastiakele[.]ae[.]org"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b"], "host": "server3[.]mastiakele[.]ae[.]org"}, {"hashes": ["fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "server15[.]zaoshanghao[.]su"}], "file": [{"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%SystemRoot%\\Logs\\CBS\\CBS.log"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%SystemRoot%\\rss"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\dsefix.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02\\download.error"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\pingme.txt"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\winload_prod.pdb"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361\\download.error"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\ntkrnlmp.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\osloader.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\injector"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\injector\\NtQuerySystemInformationHook.dll"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\injector\\injector.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\tor"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%SystemRoot%\\windefender.exe"}, {"hashes": ["cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\f801950a962ddba14caaa44bf084b55c.exe"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\wup"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\wup\\xarch"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\wup\\xarch\\wup.exe"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\1bf850b4d9587c1017a75a47680584c4.exe"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\dcb505dc2b9d8aac05f4ca0727f5eadb.exe"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\7507ffc9a340f774985cb5ca11ca78c4.exe"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\2dbc44aae677e2661475da5b2a3aac2e.exe"}], "ip": [{"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "20[.]209[.]34[.]36"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "162[.]159[.]133[.]233"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "ip": "20[.]150[.]70[.]36"}, {"hashes": ["cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "142[.]250[.]15[.]127"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "172[.]67[.]186[.]113"}, {"hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "185[.]82[.]216[.]48"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed"], "ip": "162[.]159[.]134[.]233"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "ip": "81[.]3[.]27[.]44"}, {"hashes": ["c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "ip": "74[.]125[.]128[.]127"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "ip": "185[.]82[.]216[.]50"}, {"hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "20[.]150[.]79[.]68"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "ip": "104[.]21[.]1[.]4"}, {"hashes": ["daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "ip": "162[.]159[.]130[.]233"}, {"hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "ip": "162[.]159[.]135[.]233"}, {"hashes": ["daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "ip": "108[.]177[.]102[.]127"}, {"hashes": ["fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "142[.]250[.]112[.]127"}, {"hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "ip": "172[.]253[.]120[.]127"}, {"hashes": ["f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "ip": "185[.]82[.]216[.]64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b"], "ip": "20[.]150[.]38[.]228"}], "mutex": [{"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "Global\\SetupLog"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "Global\\WdsSetupLogInit"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "Global\\xmrigMUTEX31337"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "WininetConnectionMutex"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "Global\\qtxp9g8w"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\kn29r6c6"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\473ggh6j"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\wpewcqppg8z44x89"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\IV71LG3P"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\986spw6e"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\ag7xpe52"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\wpsSerMutex5"}], "registry": [{"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "Type"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "Start"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "Type"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "Start"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "Type"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "Start"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "Type"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "Start"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "Type"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "Start"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "csrss"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INSTALLKEY", "value_name": null}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": null}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "Publisher"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "UninstallString"}]}, "reports_count": 10}, "Win.Dropper.Nanocore-10003611-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-dot-net", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": []}, {"bi": "pe-header-linker-major", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-hollowing-detected", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-executable", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "created-executable-in-user-dir", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "created-executable-sample-appdata", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "windows-vault-api", "hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "artifact-windows-task", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "sc-service-stop-windefend", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-key-modified", "hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-check-zone-identifier", "hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-created-executable-autorun", "hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "network-communications-smtp", "hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "firefox-cookie-read", "hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "cmd-exe-file-execution", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "unsigned-roaming-execution", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-file-on-usb", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "startup-folder-modification", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "excessive-file-modifications", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0003"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "command-deleted-shadow-copy", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": []}, {"bi": "wmic-shadowcopy-delete", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0002", "TA0040", "T1047", "T1490"]}, {"bi": "malware-generic-ransomware-notes", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": []}, {"bi": "firefox-cert-database-modified", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0006", "T1555"]}, {"bi": "firefox-prefs-modified", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0009"]}, {"bi": "recycler-file-creation", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-read-ie-cookies", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "process-modified-quick-launch-file", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0003", "T1176"]}, {"bi": "bcdedit-disable-recovery", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "wbadmin-file-deletion-detected", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0040", "T1485"]}, {"bi": "bcdedit-ignore-failure", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "process-deletes-many-files", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": []}, {"bi": "artifact-multiple-extensions", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "enumeration-email-program-information", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "network-smtp-spambot", "hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": []}, {"bi": "network-smtp-attachment", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "feed-domain-rat", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "schtask-forcefully-created", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "dns-public-server-contacted", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "modified-file-in-program-dir", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "dotnet-malicious-assembly-name", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Nanocore is a .NET remote access trojan. Its source code has been leaked several times, making it widely available. Like other RATs, it allows full control of the system, including recording video and audio, stealing passwords, downloading files and recording keystrokes.", "hashes": ["10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740"], "iocs": {"domain": [{"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740"], "host": "api[.]ipify[.]org"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "host": "apps[.]identrust[.]com"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "host": "mail[.]nereus[.]cl"}, {"hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "host": "ucnano180523[.]ddns[.]net"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "host": "mail[.]sgsbauto[.]com"}], "file": [{"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7"], "path": "%TEMP%\\tmp<random, matching [A-F0-9]{1,4}>.tmp"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7"], "path": "%System32%\\Tasks\\Updates"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\IECompatCache\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\IECompatUACache\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\IEDownloadHistory\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\IETldCache\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Libraries\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\PrivacIE\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Recent\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\SendTo\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\bookmarkbackups\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\webapps\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Mozilla\\Firefox\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Documents\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Music\\Sample Music\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Music\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Pictures\\Sample Pictures\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Pictures\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Videos\\Sample Videos\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Videos\\read_it.txt"}, {"hashes": ["e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7"], "path": "%APPDATA%\\VtnPmuDlIkH.exe"}, {"hashes": ["e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7"], "path": "%System32%\\Tasks\\Updates\\VtnPmuDlIkH"}, {"hashes": ["e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df"], "path": "%APPDATA%\\MmRKwR\\MmRKwR.exe"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "path": "%APPDATA%\\s24mgf14.wzk\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507"], "path": "%APPDATA%\\UqhqQm.exe"}, {"hashes": ["1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507"], "path": "%System32%\\Tasks\\Updates\\UqhqQm"}, {"hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093"], "path": "%APPDATA%\\tghqdPXcdPWV.exe"}, {"hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093"], "path": "%System32%\\Tasks\\Updates\\tghqdPXcdPWV"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "path": "%APPDATA%\\aIDXqy.exe"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "path": "%System32%\\Tasks\\Updates\\aIDXqy"}, {"hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d"], "path": "%APPDATA%\\sgDsWOSPtLnmKb.exe"}, {"hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d"], "path": "%System32%\\Tasks\\Updates\\sgDsWOSPtLnmKb"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "path": "%APPDATA%\\npuchjtv.1ts\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3"], "path": "%APPDATA%\\rVlKlic.exe"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%TEMP%\\s2jd0o94i.jpg"}, {"hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3"], "path": "%System32%\\Tasks\\Updates\\rVlKlic"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Desktop\\read_it.txt"}, {"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "path": "%APPDATA%\\sOFvE\\sOFvE.exe"}, {"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "path": "%APPDATA%\\mssgRpOSZEPHsf.exe"}, {"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "path": "%System32%\\Tasks\\Updates\\mssgRpOSZEPHsf"}], "ip": [{"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "ip": "64[.]185[.]227[.]155"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "ip": "23[.]193[.]194[.]148"}, {"hashes": ["efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740"], "ip": "173[.]231[.]16[.]76"}, {"hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d"], "ip": "104[.]237[.]62[.]211"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "ip": "162[.]241[.]60[.]79"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "ip": "46[.]105[.]157[.]241"}, {"hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "ip": "45[.]12[.]253[.]242"}], "mutex": [{"hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "name": "Global\\{0d867adb-3500-4c95-b576-70e197aae229}"}, {"hashes": ["3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca"], "name": "SBmdTDfceAO"}, {"hashes": ["10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb"], "name": "dguPijsTgw"}, {"hashes": ["8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211"], "name": "O64O3T231GHA5GE5"}, {"hashes": ["8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211"], "name": "urTYJlYpYYNDkAVkNuNKf"}, {"hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093"], "name": "kHCbAyHopHm"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "name": "fsmTWPRqOirFDgctmfcTeCy"}, {"hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d"], "name": "AeqWcHrmYllWoFRInLc"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "name": "zfBIOx"}, {"hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3"], "name": "tIJFKdFWJdJzxCITKNerlYSxEC"}, {"hashes": ["efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740"], "name": "hmRipQYdtfQNsUPHFxksrc"}, {"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "name": "gtRQfGqEtQfZ"}], "registry": [{"hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "FavoritesVersion"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "newapp"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "FavoritesChanges"}, {"hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "YLcqPJe"}, {"hashes": ["e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MmRKwR"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "FavoritesResolve"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "Favorites"}, {"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "sOFvE"}]}, "reports_count": 20}, "Win.Dropper.Tofsee-10003414-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["c83fd9a15592cb220254275dd623a561e7f0cd7cb9083ee2b48c08a399cd32a5", "16938ef04245cc85a978529dbf17dbad84d361edb8561b8a42fd9e7f1ec32357", "e052d025bda86a537b081d1aeb774af8a278bcea52b1bf8dece5549c9533b5f5", "61bb445b5986840c291ec769d672ee12eb458c754166a8e8ad3007a188ed4062", "cf3ae9f22ff51fed8cf68b9d33fb356211bd1f262b6e9537bbce47829fbe2526", "0f42edd76f7309fbf1e26780e1e3e184dfa6d291ef6516ab8ae9c3107082eb39", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "790eeb5febfc4bcc7aa3b14c3dcd81a4fbd00bf727f0c0cd9623e4d3179fad94", "f8f8c6e0a694cf620abea90157f51df3d88cae0172d6fac19b5b50a719d37d12", "008287c73e9c9e8964d5f615500010e75ac4b737efe8addced3c76f6e91e19f3", "47a1812f58beda34ca7b20f6ec29af7e933696d7352011ba59facad26496e79d", "879e3b5e6a12fdcd87b61d7b5fc2ec074c8e7b8e6ef92e0bde7c4692ac58d798", "76879ab7212540d378168b2564b9f37db4537b50f6dc369c26b647e85c444c57", "7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d", "2436911de6028f64f426467d1d1b8cd3b50e3c84fca97ac7a2239ec9a1e394b9", "989e6a13fa14aa8bf6a4c683f09fd69e8b30fcee7a1454fd88a311bc4acd6137", "d57922015161e3384aa16923df485962f4c2748efc5428abdf2186d92310e889", "be1e2462735391e9a7a9054c9acbbfec29e464b37e1d932655d46dd0700bb3e3", "f2b4c728867bcc659b1f180783aa3c748f2ee95f0d2f6ed2fdc13869b1b9f0ff", "fda0337da404f5fecb84615fe53ff57a456d2da19d629a25109f98503a7f5dfc", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "a7a195b0d16fa842d7d4aac43142d63c4cabfe46444a85e83aa444fe4f781b56", "fab803772af2c5ce91a85670e09506e3b0328df4753491ef29ab30552fa71189", "176091498be9e921bbda75219f294d79890b02d5a6a43ec57b4df79f1536e783", "21f0ce1042da578786da666a47fbf0101147e0a16c2c0fbb2b110eb6e46130a7", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["c83fd9a15592cb220254275dd623a561e7f0cd7cb9083ee2b48c08a399cd32a5", "16938ef04245cc85a978529dbf17dbad84d361edb8561b8a42fd9e7f1ec32357", "e052d025bda86a537b081d1aeb774af8a278bcea52b1bf8dece5549c9533b5f5", "61bb445b5986840c291ec769d672ee12eb458c754166a8e8ad3007a188ed4062", "cf3ae9f22ff51fed8cf68b9d33fb356211bd1f262b6e9537bbce47829fbe2526", "0f42edd76f7309fbf1e26780e1e3e184dfa6d291ef6516ab8ae9c3107082eb39", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "790eeb5febfc4bcc7aa3b14c3dcd81a4fbd00bf727f0c0cd9623e4d3179fad94", "f8f8c6e0a694cf620abea90157f51df3d88cae0172d6fac19b5b50a719d37d12", "008287c73e9c9e8964d5f615500010e75ac4b737efe8addced3c76f6e91e19f3", "47a1812f58beda34ca7b20f6ec29af7e933696d7352011ba59facad26496e79d", "879e3b5e6a12fdcd87b61d7b5fc2ec074c8e7b8e6ef92e0bde7c4692ac58d798", "76879ab7212540d378168b2564b9f37db4537b50f6dc369c26b647e85c444c57", "7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d", "2436911de6028f64f426467d1d1b8cd3b50e3c84fca97ac7a2239ec9a1e394b9", "989e6a13fa14aa8bf6a4c683f09fd69e8b30fcee7a1454fd88a311bc4acd6137", "d57922015161e3384aa16923df485962f4c2748efc5428abdf2186d92310e889", "be1e2462735391e9a7a9054c9acbbfec29e464b37e1d932655d46dd0700bb3e3", "f2b4c728867bcc659b1f180783aa3c748f2ee95f0d2f6ed2fdc13869b1b9f0ff", "fda0337da404f5fecb84615fe53ff57a456d2da19d629a25109f98503a7f5dfc", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "a7a195b0d16fa842d7d4aac43142d63c4cabfe46444a85e83aa444fe4f781b56", "fab803772af2c5ce91a85670e09506e3b0328df4753491ef29ab30552fa71189", "176091498be9e921bbda75219f294d79890b02d5a6a43ec57b4df79f1536e783", "21f0ce1042da578786da666a47fbf0101147e0a16c2c0fbb2b110eb6e46130a7", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c83fd9a15592cb220254275dd623a561e7f0cd7cb9083ee2b48c08a399cd32a5", "16938ef04245cc85a978529dbf17dbad84d361edb8561b8a42fd9e7f1ec32357", "e052d025bda86a537b081d1aeb774af8a278bcea52b1bf8dece5549c9533b5f5", "61bb445b5986840c291ec769d672ee12eb458c754166a8e8ad3007a188ed4062", "0f42edd76f7309fbf1e26780e1e3e184dfa6d291ef6516ab8ae9c3107082eb39", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "76879ab7212540d378168b2564b9f37db4537b50f6dc369c26b647e85c444c57", "7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d", "2436911de6028f64f426467d1d1b8cd3b50e3c84fca97ac7a2239ec9a1e394b9", "989e6a13fa14aa8bf6a4c683f09fd69e8b30fcee7a1454fd88a311bc4acd6137", "d57922015161e3384aa16923df485962f4c2748efc5428abdf2186d92310e889", "be1e2462735391e9a7a9054c9acbbfec29e464b37e1d932655d46dd0700bb3e3", "f2b4c728867bcc659b1f180783aa3c748f2ee95f0d2f6ed2fdc13869b1b9f0ff", "fda0337da404f5fecb84615fe53ff57a456d2da19d629a25109f98503a7f5dfc", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "a7a195b0d16fa842d7d4aac43142d63c4cabfe46444a85e83aa444fe4f781b56", "fab803772af2c5ce91a85670e09506e3b0328df4753491ef29ab30552fa71189", "176091498be9e921bbda75219f294d79890b02d5a6a43ec57b4df79f1536e783", "21f0ce1042da578786da666a47fbf0101147e0a16c2c0fbb2b110eb6e46130a7", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["16938ef04245cc85a978529dbf17dbad84d361edb8561b8a42fd9e7f1ec32357", "e052d025bda86a537b081d1aeb774af8a278bcea52b1bf8dece5549c9533b5f5", "61bb445b5986840c291ec769d672ee12eb458c754166a8e8ad3007a188ed4062", "0f42edd76f7309fbf1e26780e1e3e184dfa6d291ef6516ab8ae9c3107082eb39", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "f8f8c6e0a694cf620abea90157f51df3d88cae0172d6fac19b5b50a719d37d12", "008287c73e9c9e8964d5f615500010e75ac4b737efe8addced3c76f6e91e19f3", "d57922015161e3384aa16923df485962f4c2748efc5428abdf2186d92310e889", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "fab803772af2c5ce91a85670e09506e3b0328df4753491ef29ab30552fa71189", "176091498be9e921bbda75219f294d79890b02d5a6a43ec57b4df79f1536e783", "21f0ce1042da578786da666a47fbf0101147e0a16c2c0fbb2b110eb6e46130a7", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["c83fd9a15592cb220254275dd623a561e7f0cd7cb9083ee2b48c08a399cd32a5", "cf3ae9f22ff51fed8cf68b9d33fb356211bd1f262b6e9537bbce47829fbe2526", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "47a1812f58beda34ca7b20f6ec29af7e933696d7352011ba59facad26496e79d", "879e3b5e6a12fdcd87b61d7b5fc2ec074c8e7b8e6ef92e0bde7c4692ac58d798", "7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d", "989e6a13fa14aa8bf6a4c683f09fd69e8b30fcee7a1454fd88a311bc4acd6137", "be1e2462735391e9a7a9054c9acbbfec29e464b37e1d932655d46dd0700bb3e3", "fda0337da404f5fecb84615fe53ff57a456d2da19d629a25109f98503a7f5dfc", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "a7a195b0d16fa842d7d4aac43142d63c4cabfe46444a85e83aa444fe4f781b56", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["16938ef04245cc85a978529dbf17dbad84d361edb8561b8a42fd9e7f1ec32357", "e052d025bda86a537b081d1aeb774af8a278bcea52b1bf8dece5549c9533b5f5", "61bb445b5986840c291ec769d672ee12eb458c754166a8e8ad3007a188ed4062", "0f42edd76f7309fbf1e26780e1e3e184dfa6d291ef6516ab8ae9c3107082eb39", "f8f8c6e0a694cf620abea90157f51df3d88cae0172d6fac19b5b50a719d37d12", "008287c73e9c9e8964d5f615500010e75ac4b737efe8addced3c76f6e91e19f3", "d57922015161e3384aa16923df485962f4c2748efc5428abdf2186d92310e889", "fab803772af2c5ce91a85670e09506e3b0328df4753491ef29ab30552fa71189", "176091498be9e921bbda75219f294d79890b02d5a6a43ec57b4df79f1536e783", "21f0ce1042da578786da666a47fbf0101147e0a16c2c0fbb2b110eb6e46130a7"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-hollowing-detected", "hashes": ["16938ef04245cc85a978529dbf17dbad84d361edb8561b8a42fd9e7f1ec32357", "e052d025bda86a537b081d1aeb774af8a278bcea52b1bf8dece5549c9533b5f5", "61bb445b5986840c291ec769d672ee12eb458c754166a8e8ad3007a188ed4062", "0f42edd76f7309fbf1e26780e1e3e184dfa6d291ef6516ab8ae9c3107082eb39", "f8f8c6e0a694cf620abea90157f51df3d88cae0172d6fac19b5b50a719d37d12", "008287c73e9c9e8964d5f615500010e75ac4b737efe8addced3c76f6e91e19f3", "d57922015161e3384aa16923df485962f4c2748efc5428abdf2186d92310e889", "fab803772af2c5ce91a85670e09506e3b0328df4753491ef29ab30552fa71189", "176091498be9e921bbda75219f294d79890b02d5a6a43ec57b4df79f1536e783", "21f0ce1042da578786da666a47fbf0101147e0a16c2c0fbb2b110eb6e46130a7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["c83fd9a15592cb220254275dd623a561e7f0cd7cb9083ee2b48c08a399cd32a5", "cf3ae9f22ff51fed8cf68b9d33fb356211bd1f262b6e9537bbce47829fbe2526", "47a1812f58beda34ca7b20f6ec29af7e933696d7352011ba59facad26496e79d", "879e3b5e6a12fdcd87b61d7b5fc2ec074c8e7b8e6ef92e0bde7c4692ac58d798", "989e6a13fa14aa8bf6a4c683f09fd69e8b30fcee7a1454fd88a311bc4acd6137", "be1e2462735391e9a7a9054c9acbbfec29e464b37e1d932655d46dd0700bb3e3", "fda0337da404f5fecb84615fe53ff57a456d2da19d629a25109f98503a7f5dfc", "a7a195b0d16fa842d7d4aac43142d63c4cabfe46444a85e83aa444fe4f781b56"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["c83fd9a15592cb220254275dd623a561e7f0cd7cb9083ee2b48c08a399cd32a5", "cf3ae9f22ff51fed8cf68b9d33fb356211bd1f262b6e9537bbce47829fbe2526", "47a1812f58beda34ca7b20f6ec29af7e933696d7352011ba59facad26496e79d", "879e3b5e6a12fdcd87b61d7b5fc2ec074c8e7b8e6ef92e0bde7c4692ac58d798", "989e6a13fa14aa8bf6a4c683f09fd69e8b30fcee7a1454fd88a311bc4acd6137", "be1e2462735391e9a7a9054c9acbbfec29e464b37e1d932655d46dd0700bb3e3", "fda0337da404f5fecb84615fe53ff57a456d2da19d629a25109f98503a7f5dfc", "a7a195b0d16fa842d7d4aac43142d63c4cabfe46444a85e83aa444fe4f781b56"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["c83fd9a15592cb220254275dd623a561e7f0cd7cb9083ee2b48c08a399cd32a5", "cf3ae9f22ff51fed8cf68b9d33fb356211bd1f262b6e9537bbce47829fbe2526", "47a1812f58beda34ca7b20f6ec29af7e933696d7352011ba59facad26496e79d", "879e3b5e6a12fdcd87b61d7b5fc2ec074c8e7b8e6ef92e0bde7c4692ac58d798", "989e6a13fa14aa8bf6a4c683f09fd69e8b30fcee7a1454fd88a311bc4acd6137", "be1e2462735391e9a7a9054c9acbbfec29e464b37e1d932655d46dd0700bb3e3", "fda0337da404f5fecb84615fe53ff57a456d2da19d629a25109f98503a7f5dfc", "a7a195b0d16fa842d7d4aac43142d63c4cabfe46444a85e83aa444fe4f781b56"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-executable", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "dns-query-nxdomain", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "cmd-exe-file-execution", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "network-dns-category-cnc", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0011"]}, {"bi": "sc-service-start", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-generic", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "sc-service-create", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-create-execute", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "network-file-uploaded", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-communications-http-get", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "http-response-redirect", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "mitre_attack_tags": []}, {"bi": "html-hosting-provider-warning", "hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "http-response-client-error", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "windows-vault-api", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "malware-known-trojan-av", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "pe-uses-heavens-gate", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-lokibot-user-agent-detected", "hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "url-not-found", "hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": []}, {"bi": "double-url-detected", "hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "mitre_attack_tags": ["TA0011", "T1102"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features several modules to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["008287c73e9c9e8964d5f615500010e75ac4b737efe8addced3c76f6e91e19f3", "0f42edd76f7309fbf1e26780e1e3e184dfa6d291ef6516ab8ae9c3107082eb39", "16938ef04245cc85a978529dbf17dbad84d361edb8561b8a42fd9e7f1ec32357", "176091498be9e921bbda75219f294d79890b02d5a6a43ec57b4df79f1536e783", "1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "21f0ce1042da578786da666a47fbf0101147e0a16c2c0fbb2b110eb6e46130a7", "2436911de6028f64f426467d1d1b8cd3b50e3c84fca97ac7a2239ec9a1e394b9", "47a1812f58beda34ca7b20f6ec29af7e933696d7352011ba59facad26496e79d", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "61bb445b5986840c291ec769d672ee12eb458c754166a8e8ad3007a188ed4062", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "76879ab7212540d378168b2564b9f37db4537b50f6dc369c26b647e85c444c57", "790eeb5febfc4bcc7aa3b14c3dcd81a4fbd00bf727f0c0cd9623e4d3179fad94", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d", "879e3b5e6a12fdcd87b61d7b5fc2ec074c8e7b8e6ef92e0bde7c4692ac58d798", "989e6a13fa14aa8bf6a4c683f09fd69e8b30fcee7a1454fd88a311bc4acd6137", "a7a195b0d16fa842d7d4aac43142d63c4cabfe46444a85e83aa444fe4f781b56", "be1e2462735391e9a7a9054c9acbbfec29e464b37e1d932655d46dd0700bb3e3", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973", "c83fd9a15592cb220254275dd623a561e7f0cd7cb9083ee2b48c08a399cd32a5", "cf3ae9f22ff51fed8cf68b9d33fb356211bd1f262b6e9537bbce47829fbe2526", "d57922015161e3384aa16923df485962f4c2748efc5428abdf2186d92310e889", "e052d025bda86a537b081d1aeb774af8a278bcea52b1bf8dece5549c9533b5f5", "f2b4c728867bcc659b1f180783aa3c748f2ee95f0d2f6ed2fdc13869b1b9f0ff", "f8f8c6e0a694cf620abea90157f51df3d88cae0172d6fac19b5b50a719d37d12", "fab803772af2c5ce91a85670e09506e3b0328df4753491ef29ab30552fa71189", "fda0337da404f5fecb84615fe53ff57a456d2da19d629a25109f98503a7f5dfc"], "iocs": {"domain": [{"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "host": "microsoft[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "host": "vanaheim[.]cn"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "249[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "249[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "249[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "249[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "249[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "249[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "i[.]instagram[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "www[.]google[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "mobile[.]twitter[.]com"}, {"hashes": ["5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "host": "www[.]instagram[.]com"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "video-weaver[.]lax03[.]hls[.]ttvnw[.]net"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "host": "www[.]evernote[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "www[.]amazon[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "www[.]tiktok[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "completion[.]amazon[.]com"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "host": "outlook[.]office365[.]com"}, {"hashes": ["7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "slambminerals[.]co[.]zw"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "ebay[.]es"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "api[.]youla[.]io"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "usinfo[.]hvf[.]ru"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "host": "uteplenie-05[.]ru"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "mirror[.]04fx[.]net"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "[2a00"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "[2a03"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "host": "bien-naitre-cysoing[.]fr"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "zahraapp[.]com"}, {"hashes": ["7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "host": "identity[.]bitwarden[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "login[.]szn[.]cz"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "fishingfoot[.]com"}, {"hashes": ["c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "host": "118[.]192[.]124[.]176[.]in-addr[.]arpa"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "ait[.]2608283a[.]us-east-1[.]captcha[.]awswaf[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "sanlam[.]projecttools[.]app"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "clients3[.]google[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "ygs[.]net[.]au"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "host": "alhamdstudio[.]com"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "host": "act[.]smartmarketing[.]mk"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "host": "lgpd[.]leonardi[.]com[.]br"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "host": "bva-cci[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "fls-na[.]amazon[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "unagi-na[.]amazon[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "p3epspumangb5dvijf52er7wdi[.]appsync-api[.]us-east-1[.]amazonaws[.]com"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "host": "unagi[.]amazon[.]com"}], "file": [{"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "path": "%TEMP%\\<random, matching '[a-z]{4,9}'>.exe"}, {"hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}], "ip": [{"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "ip": "80[.]66[.]75[.]254"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "ip": "176[.]124[.]192[.]118"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "31[.]13[.]65[.]52"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "142[.]250[.]176[.]196"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "176[.]113[.]115[.]136"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "80[.]66[.]75[.]4"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "176[.]113[.]115[.]239"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "176[.]113[.]115[.]135"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "45[.]143[.]201[.]238"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "176[.]113[.]115[.]84"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "104[.]244[.]42[.]198"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "157[.]240[.]205[.]63"}, {"hashes": ["5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "ip": "31[.]13[.]65[.]174"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "104[.]16[.]120[.]50"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "52[.]223[.]241[.]7"}, {"hashes": ["5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "ip": "40[.]93[.]207[.]1"}, {"hashes": ["5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "20[.]112[.]52[.]29"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "ip": "20[.]81[.]111[.]85"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "ip": "212[.]82[.]101[.]24"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "40[.]93[.]207[.]7"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "192[.]178[.]50[.]68"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "ip": "104[.]123[.]192[.]220"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "103[.]20[.]200[.]209"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "142[.]250[.]184[.]238"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "ip": "31[.]31[.]198[.]239"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "5[.]61[.]236[.]235"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "209[.]140[.]139[.]232"}, {"hashes": ["7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "143[.]90[.]14[.]135"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "142[.]250[.]74[.]36"}, {"hashes": ["7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "ip": "104[.]18[.]13[.]33"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "ip": "40[.]93[.]207[.]5"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "77[.]75[.]78[.]104"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "13[.]35[.]96[.]84"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "23[.]15[.]9[.]40"}, {"hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "ip": "194[.]180[.]48[.]58"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "199[.]188[.]201[.]149"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "ip": "192[.]64[.]118[.]42"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "ip": "162[.]240[.]43[.]190"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "ip": "185[.]162[.]30[.]177"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "52[.]46[.]144[.]253"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "18[.]164[.]96[.]20"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "154[.]0[.]173[.]78"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "142[.]250[.]185[.]131"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "157[.]240[.]252[.]60"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "142[.]250[.]186[.]67"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "35[.]170[.]3[.]43"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "52[.]46[.]145[.]203"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "99[.]84[.]37[.]42"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "209[.]54[.]179[.]248"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "ip": "132[.]245[.]230[.]0"}], "mutex": [{"hashes": ["47a1812f58beda34ca7b20f6ec29af7e933696d7352011ba59facad26496e79d", "879e3b5e6a12fdcd87b61d7b5fc2ec074c8e7b8e6ef92e0bde7c4692ac58d798", "989e6a13fa14aa8bf6a4c683f09fd69e8b30fcee7a1454fd88a311bc4acd6137", "a7a195b0d16fa842d7d4aac43142d63c4cabfe46444a85e83aa444fe4f781b56", "be1e2462735391e9a7a9054c9acbbfec29e464b37e1d932655d46dd0700bb3e3", "c83fd9a15592cb220254275dd623a561e7f0cd7cb9083ee2b48c08a399cd32a5", "cf3ae9f22ff51fed8cf68b9d33fb356211bd1f262b6e9537bbce47829fbe2526", "fda0337da404f5fecb84615fe53ff57a456d2da19d629a25109f98503a7f5dfc"], "name": "Global\\<random guid>"}, {"hashes": ["7c7ceeedb2701b97482120051287570bb5d67749a285921664f3b17c926b687d"], "name": "3749282D282E1E80C56CAE5A"}], "registry": [{"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d", "c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce", "5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f", "6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd", "7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["7b62f413d06f80ee52c866aae87586af3c40ff58fabcdc8107a508fcab9a703d"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\oyavrjie"}, {"hashes": ["1acf37095f74755c7eeef714919f783616b1f83c316bbee6a934210ede39bfce"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\nxzuqihd"}, {"hashes": ["c3212b135d7d55ca971ad91c7f8690e979d8b312e75097527ff081b21f0b8973"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\gqsnjbaw"}, {"hashes": ["5cb714dd0f231451185cd9b42027a1012b33f7dc74550c25116083405ac3478f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\zjlgcutp"}, {"hashes": ["6bdf6ce739aeddd1064d1dac7783d81b18f4416ec3dc421f7cc6dc32c78f03fd"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\dnpkgyxt"}]}, "reports_count": 28}, "Win.Virus.Expiro-10003154-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-uses-visual-basic", "hashes": ["763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-file-uploaded", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "hook-installed", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "pe-uses-dot-net", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "process-with-multiple-children", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-snort-pua", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "sinkholed-http-response-header", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "possible-dga-communication", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "http-response-redirect", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc"], "mitre_attack_tags": []}, {"bi": "possible-privilege-escalation-detected", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776"], "mitre_attack_tags": ["TA0004", "T1068"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-small-file-redirect", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc"], "mitre_attack_tags": ["TA0011"]}, {"bi": "http-response-client-error", "hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "html-page-not-found", "hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "mitre_attack_tags": []}, {"bi": "audio-video-mutex-detected", "hashes": ["807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "html-malicious-page-not-found", "hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054"], "mitre_attack_tags": []}, {"bi": "html-js-uses-window-open", "hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350"], "mitre_attack_tags": ["TA0001", "T1189"]}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "iocs": {"domain": [{"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "cvgrf[.]biz"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "npukfztj[.]biz"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "przvgke[.]biz"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "zlenh[.]biz"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "pywolwnvd[.]biz"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "knjghuig[.]biz"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "ssbzmoy[.]biz"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "uhxqin[.]biz"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "anpmnmxo[.]biz"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "lpuegx[.]biz"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "vjaxhpbji[.]biz"}, {"hashes": ["2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53"], "host": "ww25[.]uhxqin[.]biz"}, {"hashes": ["2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53"], "host": "ww25[.]anpmnmxo[.]biz"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "ww16[.]uhxqin[.]biz"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "host": "ww16[.]anpmnmxo[.]biz"}], "file": [{"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\DW20.EXE"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\dwtrig20.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ose.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\setup.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%CommonProgramFiles%\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPSVC.EXE"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%CommonProgramFiles(x86)%\\microsoft shared\\Source Engine\\OSE.EXE"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramFiles(x86)%\\Microsoft Office\\Office14\\GROOVE.EXE"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramFiles(x86)%\\Mozilla Maintenance Service\\maintenanceservice.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%System32%\\alg.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%System32%\\dllhost.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\ehome\\ehrecvr.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\ehome\\ehsched.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.log"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.log"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Registration\\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{33EC2C09-9668-4DE7-BCC0-EFC69D7355D7}.crmlog"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\ngen_service.log"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\ngen_service.log"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\ngenservicelock.dat"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\ngenrootstorelock.dat"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\ngenservicelock.dat"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.lock"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngenservicelock.dat"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.lock"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\ngenservicelock.dat"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramData%\\Mozilla\\logs\\maintenanceservice.log"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramData%\\Microsoft\\eHome\\RecoveryTasks"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\ngenofflinequeuelock.dat"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\ngenservice_pri1_lock.dat"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\ngenofflinequeuelock.dat"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%System32%\\LogFiles\\Scm\\493be8b4-084c-4414-a0e3-e7edc47959b2"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%System32%\\LogFiles\\Scm\\6191bf2a-eda7-4434-a7d4-0fcf62dd8b1e"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%APPDATA%\\98b68e3c311dcc78.bin"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%SystemRoot%\\Registration\\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{BC2D650C-27B2-4F43-AEB3-3D7E6C8E9C23}.crmlog"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%System32%\\config\\systemprofile\\AppData\\Roaming\\98b68e3c311dcc78.bin"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramFiles%\\7-Zip\\7z.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramFiles%\\7-Zip\\7zFM.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramFiles%\\7-Zip\\7zG.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramFiles%\\7-Zip\\Uninstall.exe"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramData%\\microsoft\\ehome\\Counter.mem"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramData%\\microsoft\\ehome\\mcepg2-0.db"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramData%\\microsoft\\ehome\\mcepg2-0\\Blocks.mem"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramData%\\microsoft\\ehome\\mcepg2-0\\Events.mem"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramData%\\microsoft\\ehome\\mcepg2-0\\Root.mem"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramData%\\Microsoft\\Crypto\\RSA\\S-1-5-18\\8f96978fc46d9f00d8780351026924d7_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramData%\\microsoft\\ehome\\mcepg2-0"}, {"hashes": ["2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "path": "%ProgramFiles%\\Zulu\\zulu-8\\bin\\appletviewer.exe"}], "ip": [{"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "ip": "63[.]251[.]106[.]25"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "ip": "206[.]191[.]152[.]58"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "ip": "167[.]99[.]35[.]88"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "ip": "82[.]112[.]184[.]197"}, {"hashes": ["2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53"], "ip": "173[.]231[.]184[.]122"}, {"hashes": ["2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53"], "ip": "103[.]224[.]182[.]251"}, {"hashes": ["2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53"], "ip": "199[.]59[.]243[.]223"}, {"hashes": ["2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53"], "ip": "72[.]5[.]161[.]12"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "ip": "103[.]224[.]182[.]208"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "ip": "64[.]190[.]63[.]136"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "ip": "178[.]162[.]217[.]107"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "ip": "178[.]162[.]203[.]202"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "ip": "91[.]195[.]240[.]12"}, {"hashes": ["681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1"], "ip": "35[.]205[.]61[.]67"}, {"hashes": ["c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "ip": "85[.]17[.]31[.]122"}, {"hashes": ["c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de"], "ip": "178[.]162[.]203[.]226"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776"], "ip": "5[.]79[.]71[.]225"}], "mutex": [{"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\OfficeSourceEngineMutex"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\Media Center Tuner Request"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\Multiarch.m0yv-98b68e3c311dcc78-inf"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\Multiarch.m0yv-98b68e3c311dcc78493cd690-b"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\Multiarch.m0yv-98b68e3c311dcc789ea72c54-b"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "http://www.microsoft.com/windowsxp/mediacenter/ehtray.exe/singleinstancemutex"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\MCStoreAddStoredType_a1d78cdcc411921ce3b07770aa2a0e0745789b11"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\MCStoreCreateTable_a1d78cdcc411921ce3b07770aa2a0e0745789b11"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\MCStoreOpen_b4cae1f9a3aead62bebb934ca33cadb730c8d3ed"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\MCStoreSyncMem_02004a9f865399b5c2a02973d5e53544ed4ce2ea"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\MCStoreSyncMem_5ea381292eeb3ed3e61dc84a3dbd4d7f59767eca"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\MCStoreSyncMem_71bdfe29063ac557a4e7b3205ed180408457fcd4"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\MCStoreSyncMem_7715dc857070a1523dea43f32f1fe67c1ce58e0b"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\PVRLibraryLock_a1d78cdcc411921ce3b07770aa2a0e0745789b11"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:x"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\eHome_DbMutex_1"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\eHome_DbMutex_2"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\eHome_DbMutex_3"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\eHome_DbMutex_4"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\eHome_DbMutex_5"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\eHome_DbRWMutex_1"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\eHome_DbRWMutex_2"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0 - S-1-5-18"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\PVRDiskMonitorLock_a1d78cdcc411921ce3b07770aa2a0e0745789b11"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\PVRPriorityWriteLock_a1d78cdcc411921ce3b07770aa2a0e0745789b11"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\PVRScheduleWriteLock_a1d78cdcc411921ce3b07770aa2a0e0745789b11"}, {"hashes": ["af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:splk:1728"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:splk:1200"}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:splk:1464"}, {"hashes": ["681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:splk:988"}, {"hashes": ["37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:splk:1100"}, {"hashes": ["763ada5bd0a94469cd5c765cab392a4b443b6cfddebc4cd6352ae151da5fc054"], "name": "Global\\0365d4a1-fd58-11ed-9660-00151710331d"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:splk:1548"}, {"hashes": ["a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:splk:1940"}, {"hashes": ["f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:splk:1640"}, {"hashes": ["834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:splk:1904"}, {"hashes": ["2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f"], "name": "Global\\__?_c:_programdata_microsoft_ehome_mcepg2-0.db:splk:1840"}], "registry": [{"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMSYSAPP", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MOZILLAMAINTENANCE", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSE", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ALG", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EHRECVR", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MICROSOFT SHAREPOINT WORKSPACE AUDIT SERVICE", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSPPSVC", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\VIDEO\\TUNERS", "value_name": null}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\EHPRIVJOB", "value_name": "DRMInitResult"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\STATE", "value_name": "AccumulatedWaitIdleTime"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\LISTENEDSTATE", "value_name": "RootstoreDirty"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\STATE", "value_name": "AccumulatedWaitIdleTime"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\.NETFRAMEWORK\\V2.0.50727\\NGENSERVICE\\LISTENEDSTATE", "value_name": "RootstoreDirty"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ALG", "value_name": "ObjectName"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MICROSOFT SHAREPOINT WORKSPACE AUDIT SERVICE", "value_name": "ObjectName"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EHRECVR", "value_name": "ObjectName"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "46251ae3625c070d6f262c8fa620bb0a5ee9947730a8d8750342efc33e15d69f", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "afad241234b3666b67a6114147579289f9aceb4b69ec269f8bcf5abead167e53", "c8774e855e434605aca4268812982d2fac3bfda3d90769863d9119ac14e775de", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\OSPPSVC", "value_name": "ObjectName"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EHSCHED", "value_name": "Start"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\SCHEDULER", "value_name": null}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\SCHEDULER", "value_name": "ServiceFailures"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\SCHEDULER", "value_name": "ServiceStarted"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\SCHEDULER", "value_name": "Heartbeat"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\SCHEDULER", "value_name": "WaitingForShutdown"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\SCHEDULER", "value_name": "HeartbeatIntervalMs"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER", "value_name": null}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\RECORDING", "value_name": "RecordPath"}, {"hashes": ["1b9b0bf994336557950714a3501beb9af7d644358872733dd3ab49d1bfc7f776", "2714633aa8e3b05103ba0dd92c97f535a3174d30cc365b144fd1e76c4bef931f", "37eb385f36c1f21a36b6bd29cf684cf3537b74c7230f62b784df5441aa57b72b", "543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5", "a2fd371a2321facf47d75cdfeac2b88076f9eeb401241aff44810ecf8cf6f0b1", "af65508f8dfad40f084cc222172ffe6d925d45b5dd0b8b3c0a324c127de2453d", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\EHSCHED", "value_name": "ObjectName"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\ACTIVEMOVIE", "value_name": null}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\VIDEO\\TUNERS", "value_name": "RecInfoVersion"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\VIDEO\\TUNERS", "value_name": "ServiceVersion"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\ACTIVEMOVIE\\DEVENUM 64-BIT", "value_name": null}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "66b3d3d622be554c5dd939b2457c4f9b669a1e82f0bca0d0c1ae89ead8ae7fdc", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKU>\\.DEFAULT\\SOFTWARE\\MICROSOFT\\ACTIVEMOVIE\\DEVENUM 64-BIT", "value_name": "Version"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\VIDEO\\TUNERS\\DVR", "value_name": "WMPacketSizeBytes"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\VIDEO\\TUNERS\\DVR", "value_name": "MaxFullFrameForwardRate"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\VIDEO\\TUNERS\\DVR\\IO\\WRITER", "value_name": "DVRDirectory"}, {"hashes": ["543d155d1cf71b6cfcbc1f1de78c843f3abec95a3dce9d519db380795d589350", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "e38aa1569670346e76402ade2b423fa9207079b16d58b3b737648c4262c68189", "f03dd68c60f9e691f3fcd6022b43a99060818eca93eb4eb5c9663e11bb4ca003"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\MEDIA CENTER\\SERVICE\\VIDEO\\TUNERS\\DVR", "value_name": "StartRecordingStopsCur"}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\FAX\\SECURITY", "value_name": null}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\FAX\\RECEIPTS", "value_name": "Password"}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\FAX", "value_name": "MaxLineCloseTime"}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\FAX", "value_name": "AllowRemote"}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\FAX\\DEVICE PROVIDERS\\{2172FD8F-11F6-11D3-90BF-006094EB630B}", "value_name": "APIVersion"}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\FAX\\DEVICE PROVIDERS\\{2172FD8F-11F6-11D3-90BF-006094EB630B}", "value_name": "GUID"}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\FAX\\RECEIPTS", "value_name": "Server"}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\FAX\\RECEIPTS", "value_name": "From"}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\FAX\\RECEIPTS", "value_name": "User"}, {"hashes": ["6468fe8ec51dc27a5ebe9b0fd2c0bb8e5e492868b98fcbde8a729297bc03fd84", "681aeb91e0102d018b765885fa4b3c24462698d4c66c00c49f5e1153be2afdf7", "807b5a1a240bb2750c90fe76f28c81dba120c7a088a643730937d28bb817fe39", "834e15242912cffa68dfc1e6acbb6ba9f0951974c80c6d858157472c0edbd1a5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\FAX", "value_name": "ManualAnswerDevice"}]}, "reports_count": 17}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-06-02T21:18:25+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.Nanocore-10003611-0", "Win.Dropper.Glupteba-10003588-0", "Win.Downloader.Upatre-10003575-0", "Win.Dropper.DarkKomet-10003567-0", "Win.Dropper.Tofsee-10003414-0", "Win.Dropper.Bifrost-10003394-0", "Win.Virus.Expiro-10003154-0"]}