{"Doc.Downloader.Valyria-10003621-0": {"bis": [{"bi": "document-contains-vba-macro", "hashes": ["46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86"], "mitre_attack_tags": ["TA0002", "TA0001", "T1559", "T1566"]}, {"bi": "vba-document-calls-shell", "hashes": ["46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "vba-creates-and-runs", "hashes": ["46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86"], "mitre_attack_tags": []}, {"bi": "vba-document-close", "hashes": ["46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86"], "mitre_attack_tags": ["TA0002", "T1204"]}, {"bi": "vba-document-open", "hashes": ["cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2", "07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "These variants of Valyria are malicious Microsoft Word documents that contain embedded VBA macros used to distribute other malware. ", "hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "iocs": {"domain": [], "file": [{"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRD0000.doc"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "path": "%TEMP%\\.tmp"}], "ip": [], "mutex": [{"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "name": "Local\\10MU_ACB10_S-1-5-5-0-67863"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "name": "Local\\10MU_ACBPIDS_S-1-5-5-0-67863"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "name": "Local\\WinSpl64To32Mutex_10960_0_3000"}], "registry": [{"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Name"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Path"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Extensions"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Name"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Path"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Extensions"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Name"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Path"}, {"hashes": ["07a207d41d5669719706ae493e174c74252cb42b8139c97726edb721942901d7", "098833c966a76c0b54818a472507c96d274f4ac6c93a428aaa65fb9dfb5984a1", "20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1", "23b5d97be4f74c16ac98a931c3997d0c6fa3aa5e703db2d2dac224a2e310a84c", "25c57508a437ecb742ea8f1772466127aba604cf6b02d73937181c35cd5508c6", "34bd0b0976be0df40c197b1933c3080245208df18a9fe66e74fe46631159aa0d", "3b3a789fe9d6d3bb526243af373bc36ef169e01068f2df9153669cf3bcebbab0", "46a139afae1f3f5a9a8c82311a5453aead22f3d8209c01d5c5c69626c4a56fb5", "5711ce07377f183293ef7e3598f9b7f06d562e4dddb301fbb75718d0fba0930a", "6b1b0d48bc95a2068a506218a7eba91670b4d462e8e149cf7c9d1b0bdfb7d00c", "726fb562b5bc3a73709947bd5422d188d2ec5adc0425cfdf189200fae56b8591", "7637d57389c1436e16c045d30151dca6027975112e0c0132ea5ccff2071d81d1", "938390d91eea8cb1b605b1040aa44bc62368b3dad6b59e495e8bfd462cf74d05", "b2f975840dc1e961a6f9e63f32bc02ccc88af0bf33b8bffcbda147c96e6651fa", "bdc72b3bc3f55b0166abe6a449727351bed7327624efedc4e76acaeb5f1b7b86", "cb7aefb789788152ad2a80efdbc50a2527a1cb57cdd37203029b2482d040eeb2"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Extensions"}, {"hashes": ["20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\STARTPAGE", "value_name": "StartMenu_Balloon_Time"}, {"hashes": ["20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1"], "key": "\\SOFTWARE\\MICROSOFT\\OFFICE\\14.0\\WORD\\RESILIENCY\\DOCUMENTRECOVERY\\8BC0208", "value_name": null}, {"hashes": ["20657c7da5149507db1c410432cacb916fb109616f74ade4d95caeb2d9dc5dc1"], "key": "\\SOFTWARE\\MICROSOFT\\OFFICE\\14.0\\WORD\\RESILIENCY\\DOCUMENTRECOVERY\\8BC0208", "value_name": "8BC0208"}]}, "reports_count": 16}, "Win.Dropper.Glupteba-10003588-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "enumeration-browser-information", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "windows-util-schtask", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "potential-registry-persistence", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0003"]}, {"bi": "cmd-exe-file-execution", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-vm", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "modified-file-in-system-dir", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-imports-empty", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "excessive-process-creates", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "pe-certificate", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "netsh-firewall-generic", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-imports-exe", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-virtualbox", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "registry-service-type-modified", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "bcdedit-disable-recovery", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "pe-header-subsystem", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "enumeration-bcdedit", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "windows-util-bcdedit", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-check-vmware", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "sc-service-security-descriptor-modified", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-security-descriptor-deny", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-query-txt", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "network-discord-domain-detected", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "dns-query-stun", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "listening-port-opened", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "pe-packed-upx", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-system-dir", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-initialsp", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "embedded-pe-resource2", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-null", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-relocations", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "file-pending-delete", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-query-nxdomain", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}, {"bi": "dns-punycode-domain-detected", "hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "mitre_attack_tags": ["TA0011", "TA0005", "T1132", "T1027"]}, {"bi": "hook-installed", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "malware-known-trojan-av", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "malware-trojan-coinminer-detected", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-malware", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": []}, {"bi": "cryptonight-library-detected", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": []}, {"bi": "malware-pe-stratum-coinminer", "hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "mitre_attack_tags": []}, {"bi": "localhost-ipaddress-detected", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "network-opendns-malicious", "hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Glupteba is a multi-purpose trojan that is known to use the infected machine to mine cryptocurrency and steals sensitive information like usernames and passwords, spreads over the network using exploits like EternalBlue, and leverages a rootkit component to remain hidden. Glupteba has also been observed using the Bitcoin blockchain to store configuration information.", "hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "iocs": {"domain": [{"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "msdl[.]microsoft[.]com"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "vsblobprodscussu5shard35[.]blob[.]core[.]windows[.]net"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "vsblobprodscussu5shard60[.]blob[.]core[.]windows[.]net"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "cdn[.]discordapp[.]com"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "fastprivate[.]me"}, {"hashes": ["cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "stun1[.]l[.]google[.]com"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "host": "stun[.]ipfire[.]org"}, {"hashes": ["c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "host": "stun4[.]l[.]google[.]com"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]mastiakele[.]ae[.]org"}, {"hashes": ["fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "stun[.]l[.]google[.]com"}, {"hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "host": "stun[.]stunprotocol[.]org"}, {"hashes": ["daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "host": "stun2[.]l[.]google[.]com"}, {"hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "host": "stun3[.]l[.]google[.]com"}, {"hashes": ["d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed"], "host": "server3[.]mastiakele[.]icu"}, {"hashes": ["d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]mastiakele[.]icu"}, {"hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]\\xd0\\xbe\\xd0\\xba\\xd1\\x80\\xd1\\x84[.]\\xd1\\x80\\xd1\\x84"}, {"hashes": ["cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]zaoshanghaoz[.]net"}, {"hashes": ["c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]mastiakele[.]cyou"}, {"hashes": ["f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]cdneurop[.]cloud"}, {"hashes": ["fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]zaoshanghao[.]su"}, {"hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "host": "e93c35a1-5b7c-447e-bcec-65b84e83dd99[.]uuid[.]zaoshang[.]ru"}, {"hashes": ["cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835"], "host": "server4[.]zaoshanghaoz[.]net"}, {"hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "host": "server6[.]zaoshang[.]ru"}, {"hashes": ["c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e"], "host": "server14[.]mastiakele[.]cyou"}, {"hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "host": "server1[.]xn--j1ahhq[.]xn--p1ai"}, {"hashes": ["f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "host": "server15[.]cdneurop[.]cloud"}, {"hashes": ["daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "host": "server11[.]mastiakele[.]ae[.]org"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "host": "server10[.]mastiakele[.]ae[.]org"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b"], "host": "server3[.]mastiakele[.]ae[.]org"}, {"hashes": ["fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "host": "server15[.]zaoshanghao[.]su"}], "file": [{"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%SystemRoot%\\Logs\\CBS\\CBS.log"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%SystemRoot%\\rss"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\dsefix.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02\\download.error"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\pingme.txt"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\winload_prod.pdb"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361\\download.error"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\ntkrnlmp.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\osloader.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\injector"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\injector\\NtQuerySystemInformationHook.dll"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\injector\\injector.exe"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\tor"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%SystemRoot%\\windefender.exe"}, {"hashes": ["cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "path": "%TEMP%\\csrss\\f801950a962ddba14caaa44bf084b55c.exe"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\wup"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\wup\\xarch"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\wup\\xarch\\wup.exe"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\1bf850b4d9587c1017a75a47680584c4.exe"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\dcb505dc2b9d8aac05f4ca0727f5eadb.exe"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\7507ffc9a340f774985cb5ca11ca78c4.exe"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "path": "%TEMP%\\csrss\\2dbc44aae677e2661475da5b2a3aac2e.exe"}], "ip": [{"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "20[.]209[.]34[.]36"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "162[.]159[.]133[.]233"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "ip": "20[.]150[.]70[.]36"}, {"hashes": ["cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "142[.]250[.]15[.]127"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "172[.]67[.]186[.]113"}, {"hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "185[.]82[.]216[.]48"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed"], "ip": "162[.]159[.]134[.]233"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "ip": "81[.]3[.]27[.]44"}, {"hashes": ["c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "ip": "74[.]125[.]128[.]127"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "ip": "185[.]82[.]216[.]50"}, {"hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "20[.]150[.]79[.]68"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "ip": "104[.]21[.]1[.]4"}, {"hashes": ["daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "ip": "162[.]159[.]130[.]233"}, {"hashes": ["9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858"], "ip": "162[.]159[.]135[.]233"}, {"hashes": ["daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292"], "ip": "108[.]177[.]102[.]127"}, {"hashes": ["fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "ip": "142[.]250[.]112[.]127"}, {"hashes": ["cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9"], "ip": "172[.]253[.]120[.]127"}, {"hashes": ["f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68"], "ip": "185[.]82[.]216[.]64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b"], "ip": "20[.]150[.]38[.]228"}], "mutex": [{"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "Global\\SetupLog"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "Global\\WdsSetupLogInit"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "Global\\xmrigMUTEX31337"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "WininetConnectionMutex"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "name": "Global\\qtxp9g8w"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\kn29r6c6"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\473ggh6j"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\wpewcqppg8z44x89"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\IV71LG3P"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\986spw6e"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\ag7xpe52"}, {"hashes": ["57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d"], "name": "Global\\wpsSerMutex5"}], "registry": [{"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "Type"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "Start"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "Type"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "Start"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "Type"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "Start"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "Type"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "Start"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "Type"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "Start"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ErrorControl"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ImagePath"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "WOW64"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ObjectName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "csrss"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SOFTWARE\\MICROSOFT\\INSTALLKEY", "value_name": null}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": null}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "DisplayName"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "Publisher"}, {"hashes": ["22212563c82d627560b8a141299031992fde210f22c6be2471d3497bf8cff13b", "57feb1fe02b13382d369b5626e872a6159ff6dea32bad5a6d7ce6b6f6a93016d", "9c005e337df63510b6a2a4758df8d4840b6b1ad35ee9eba3bfcdde9cd1fab858", "c79398d04526ad67bb70628850a35678abcdb7772c11d7539354750dd9d7d36e", "cbb12735307be5876ab96badb940f8e5870542005c6f5220e968d41e7d84d835", "cdc9e61ff13c55f8a332ccfe2a1e6d2b2cf356a6954f6d555e4edf91f5a56db9", "d349d2bfed8f0eaa962d8adcc5e47c9ec234a8acc9ffbfcbfdbe547711fa43ed", "daf42e9987a8e7d8c7223a38a8083d8588278673653fbbbc3612ef675c269292", "f7ae491824c410240f87ba1cffa233cfb761bc2c856e97785685dae707110c68", "fcf0cd38f5e888254400b44cfe246b76588c2fcdd89c4e4d38b33d7c099ff83c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "UninstallString"}]}, "reports_count": 10}, "Win.Dropper.Nanocore-10003611-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-dot-net", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": []}, {"bi": "pe-header-linker-major", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-hollowing-detected", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-executable", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "created-executable-in-user-dir", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "created-executable-sample-appdata", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "windows-vault-api", "hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "artifact-windows-task", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "sc-service-stop-windefend", "hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-key-modified", "hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-check-zone-identifier", "hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-created-executable-autorun", "hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "network-communications-smtp", "hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "firefox-cookie-read", "hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "cmd-exe-file-execution", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "unsigned-roaming-execution", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-file-on-usb", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0001", "TA0008", "T1091"]}, {"bi": "startup-folder-modification", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "excessive-file-modifications", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0003"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0005", "TA0002", "T1036", "T1569"]}, {"bi": "command-deleted-shadow-copy", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": []}, {"bi": "wmic-shadowcopy-delete", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0002", "TA0040", "T1047", "T1490"]}, {"bi": "malware-generic-ransomware-notes", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": []}, {"bi": "firefox-cert-database-modified", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0006", "T1555"]}, {"bi": "firefox-prefs-modified", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0009"]}, {"bi": "recycler-file-creation", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-read-ie-cookies", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "process-modified-quick-launch-file", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0003", "T1176"]}, {"bi": "bcdedit-disable-recovery", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "wbadmin-file-deletion-detected", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0040", "T1485"]}, {"bi": "bcdedit-ignore-failure", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "process-deletes-many-files", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": []}, {"bi": "artifact-multiple-extensions", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "enumeration-email-program-information", "hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "network-smtp-spambot", "hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": []}, {"bi": "network-smtp-attachment", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "feed-domain-rat", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "schtask-forcefully-created", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "dns-public-server-contacted", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "modified-file-in-program-dir", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}, {"bi": "dotnet-malicious-assembly-name", "hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Nanocore is a .NET remote access trojan. Its source code has been leaked several times, making it widely available. Like other RATs, it allows full control of the system, including recording video and audio, stealing passwords, downloading files and recording keystrokes.", "hashes": ["10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb", "1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "34d66474f8157ba70f6de429b8e624cd05a5512c46daf4f9ccd8c6adad5baece", "3541875e5b62e84130450e229c73132431f93277343cf5214b65846d6000a7b9", "3625699aceef8218cece58914659f6ba003e6f26ad033645ed738b4972050aa5", "3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca", "7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e", "8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211", "9748fc497d427eb41191ea495d907cd5d2dd9455ed20bf08df947bdb15d84baf", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "b7839de29a4736fb565b36d5c4aeea0eea28c8384ae8249a1bce267ec75f4196", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7", "e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740"], "iocs": {"domain": [{"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23", "efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740"], "host": "api[.]ipify[.]org"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "host": "apps[.]identrust[.]com"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "host": "mail[.]nereus[.]cl"}, {"hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "host": "ucnano180523[.]ddns[.]net"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "host": "mail[.]sgsbauto[.]com"}], "file": [{"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167", "27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7"], "path": "%TEMP%\\tmp.tmp"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267", "1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507", "27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093", "9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7"], "path": "%System32%\\Tasks\\Updates"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\IECompatCache\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\IECompatUACache\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\IEDownloadHistory\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\IETldCache\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Libraries\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\PrivacIE\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Recent\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\SendTo\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Microsoft\\Windows\\Themes\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\bookmarkbackups\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\webapps\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%APPDATA%\\Mozilla\\Firefox\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Documents\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Music\\Sample Music\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Music\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Pictures\\Sample Pictures\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Pictures\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Videos\\Sample Videos\\read_it.txt"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Videos\\read_it.txt"}, {"hashes": ["e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7"], "path": "%APPDATA%\\VtnPmuDlIkH.exe"}, {"hashes": ["e0b1008f8c4231c9e35552a08a4a708e8bd978f72f7b8b9991f6e7926d6fbaa7"], "path": "%System32%\\Tasks\\Updates\\VtnPmuDlIkH"}, {"hashes": ["e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df"], "path": "%APPDATA%\\MmRKwR\\MmRKwR.exe"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "path": "%APPDATA%\\s24mgf14.wzk\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507"], "path": "%APPDATA%\\UqhqQm.exe"}, {"hashes": ["1f96eaeda59db9e5803a11f4d045b309aed1e4d63e9952af0491b69edbf43507"], "path": "%System32%\\Tasks\\Updates\\UqhqQm"}, {"hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093"], "path": "%APPDATA%\\tghqdPXcdPWV.exe"}, {"hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093"], "path": "%System32%\\Tasks\\Updates\\tghqdPXcdPWV"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "path": "%APPDATA%\\aIDXqy.exe"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "path": "%System32%\\Tasks\\Updates\\aIDXqy"}, {"hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d"], "path": "%APPDATA%\\sgDsWOSPtLnmKb.exe"}, {"hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d"], "path": "%System32%\\Tasks\\Updates\\sgDsWOSPtLnmKb"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "path": "%APPDATA%\\npuchjtv.1ts\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3"], "path": "%APPDATA%\\rVlKlic.exe"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%TEMP%\\s2jd0o94i.jpg"}, {"hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3"], "path": "%System32%\\Tasks\\Updates\\rVlKlic"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "path": "%PUBLIC%\\Desktop\\read_it.txt"}, {"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "path": "%APPDATA%\\sOFvE\\sOFvE.exe"}, {"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "path": "%APPDATA%\\mssgRpOSZEPHsf.exe"}, {"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "path": "%System32%\\Tasks\\Updates\\mssgRpOSZEPHsf"}], "ip": [{"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa", "b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3", "c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "ip": "64[.]185[.]227[.]155"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "ip": "23[.]193[.]194[.]148"}, {"hashes": ["efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740"], "ip": "173[.]231[.]16[.]76"}, {"hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d"], "ip": "104[.]237[.]62[.]211"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "ip": "162[.]241[.]60[.]79"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "ip": "46[.]105[.]157[.]241"}, {"hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "ip": "45[.]12[.]253[.]242"}], "mutex": [{"hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "name": "Global\\{0d867adb-3500-4c95-b576-70e197aae229}"}, {"hashes": ["3b308d520b3707fed24d11275ec37f85bb4543d0098ef6c7ec965837a5a55dca"], "name": "SBmdTDfceAO"}, {"hashes": ["10090f0b186fb4818b017583c10e21e56ac1a9365020211c619bfc652fab01fb"], "name": "dguPijsTgw"}, {"hashes": ["8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211"], "name": "O64O3T231GHA5GE5"}, {"hashes": ["8c9b30a3a8e903fdaa354943efe56e15a10ccc7515c5d7bee8b7ee624f5b2211"], "name": "urTYJlYpYYNDkAVkNuNKf"}, {"hashes": ["27618a1f5fcade2d1b13452dc9e463b295273d115483928e3a671cb8e7a80093"], "name": "kHCbAyHopHm"}, {"hashes": ["1d1639113b0f01d2044ab2b41b3198a73497245faba4364ae7ea10a0ef39b267"], "name": "fsmTWPRqOirFDgctmfcTeCy"}, {"hashes": ["ae6389876208f0c72afd8dfb44720bb2b94e31f9f8cf446c49c55748c912b44d"], "name": "AeqWcHrmYllWoFRInLc"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "name": "zfBIOx"}, {"hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3"], "name": "tIJFKdFWJdJzxCITKNerlYSxEC"}, {"hashes": ["efca8f75ee68a472ea90763b970f83c9285c1178064f8174be4916e7da9ca740"], "name": "hmRipQYdtfQNsUPHFxksrc"}, {"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "name": "gtRQfGqEtQfZ"}], "registry": [{"hashes": ["2548dd5666787e050a7d3b96f5afadfd255858fae037a49b7ee7a91ecfbe9167"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "FavoritesVersion"}, {"hashes": ["c4c96c2c76d0f6caa554e1bda74e44ba7fab6a678200cfc40189a7f489af5d23"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "newapp"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "FavoritesChanges"}, {"hashes": ["b13a9b8c3312ce8b485d1ddbc9a4c840a08e94793b109f2e7aef32b46fb999e3"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "YLcqPJe"}, {"hashes": ["e5950c07075986a0e853f4e919e1c39f0e64a878ff97143a1d49ea5a4eb186df"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MmRKwR"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "FavoritesResolve"}, {"hashes": ["7e407cf9ad8a6c49b22e15151b5fd82bf6f0f6361c5e3f3abe9b76af8bf68f7e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\TASKBAND", "value_name": "Favorites"}, {"hashes": ["9cd47c4593254f37eb5bef6b0d887f7132ce6d9678af33799da736d6073382fa"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "sOFvE"}]}, "reports_count": 20}, "Win.Malware.Zbot-10003849-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "1d9b7783b5aa2fc027982ef8147b80ae3fbae04b8beef0e6f10d29884f47dd42", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "b1df831bcdfebfa7ca46092e3de13d4916bee6ad5880c5fefcf4d22a0f02ad54", "ce5a9cf18cb500ad6f6411d5f3d37d1f6a4f73f19132aaa36d26db01fd9d47ec", "83b94be137857db80c5c5c56bde288660eb57ae78db520af32101b12949f43b3", "ba141c89b3ce1b23b425999d8362d368765fdb8c827d5b75e47cdd95a41e45cc", "f6b7f84a31b530e08a419afe6d4b228f4a2271e6e9075f5af20a3985467b6537", "179c6808ca96450adc50593587f3657158b95e0b7b18d57a17ca1ecd6467ab42", "1fcb36bbf70e6b2048157b80f87b670a7ec3f12a1f05ec09e1a9a3560e6013cd", "ce4a87af49e6ea05fce91ad4a43c2d9fa68cca54c2560e9c3cd1864c83064cae", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "78e2e9fea0dce051e9c54712869a7c219f9587040f92d60b9394e3c01b6f4d7e", "2e6982f483a07e50820ff992014d66785db20a07b720d69d858286aa66570344", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "eab7b0d16f2933cdee9a4ee95b264b31526e0a5e131b7e49060df93b790980a3", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "a8f8541231e010480d10deeca483f669b3705eb9f9155a285fc885cfb3c5f065", "e5f55ad1027078b8492c0d09e98816ee64aecea385d1c9053bdc7bc9a4fc416f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "1d9b7783b5aa2fc027982ef8147b80ae3fbae04b8beef0e6f10d29884f47dd42", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "b1df831bcdfebfa7ca46092e3de13d4916bee6ad5880c5fefcf4d22a0f02ad54", "ce5a9cf18cb500ad6f6411d5f3d37d1f6a4f73f19132aaa36d26db01fd9d47ec", "83b94be137857db80c5c5c56bde288660eb57ae78db520af32101b12949f43b3", "ba141c89b3ce1b23b425999d8362d368765fdb8c827d5b75e47cdd95a41e45cc", "f6b7f84a31b530e08a419afe6d4b228f4a2271e6e9075f5af20a3985467b6537", "179c6808ca96450adc50593587f3657158b95e0b7b18d57a17ca1ecd6467ab42", "1fcb36bbf70e6b2048157b80f87b670a7ec3f12a1f05ec09e1a9a3560e6013cd", "ce4a87af49e6ea05fce91ad4a43c2d9fa68cca54c2560e9c3cd1864c83064cae", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "78e2e9fea0dce051e9c54712869a7c219f9587040f92d60b9394e3c01b6f4d7e", "2e6982f483a07e50820ff992014d66785db20a07b720d69d858286aa66570344", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "eab7b0d16f2933cdee9a4ee95b264b31526e0a5e131b7e49060df93b790980a3", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "a8f8541231e010480d10deeca483f669b3705eb9f9155a285fc885cfb3c5f065", "e5f55ad1027078b8492c0d09e98816ee64aecea385d1c9053bdc7bc9a4fc416f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "1d9b7783b5aa2fc027982ef8147b80ae3fbae04b8beef0e6f10d29884f47dd42", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "b1df831bcdfebfa7ca46092e3de13d4916bee6ad5880c5fefcf4d22a0f02ad54", "ce5a9cf18cb500ad6f6411d5f3d37d1f6a4f73f19132aaa36d26db01fd9d47ec", "83b94be137857db80c5c5c56bde288660eb57ae78db520af32101b12949f43b3", "ba141c89b3ce1b23b425999d8362d368765fdb8c827d5b75e47cdd95a41e45cc", "f6b7f84a31b530e08a419afe6d4b228f4a2271e6e9075f5af20a3985467b6537", "179c6808ca96450adc50593587f3657158b95e0b7b18d57a17ca1ecd6467ab42", "1fcb36bbf70e6b2048157b80f87b670a7ec3f12a1f05ec09e1a9a3560e6013cd", "ce4a87af49e6ea05fce91ad4a43c2d9fa68cca54c2560e9c3cd1864c83064cae", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "78e2e9fea0dce051e9c54712869a7c219f9587040f92d60b9394e3c01b6f4d7e", "2e6982f483a07e50820ff992014d66785db20a07b720d69d858286aa66570344", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "eab7b0d16f2933cdee9a4ee95b264b31526e0a5e131b7e49060df93b790980a3", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "a8f8541231e010480d10deeca483f669b3705eb9f9155a285fc885cfb3c5f065", "e5f55ad1027078b8492c0d09e98816ee64aecea385d1c9053bdc7bc9a4fc416f"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "1d9b7783b5aa2fc027982ef8147b80ae3fbae04b8beef0e6f10d29884f47dd42", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "b1df831bcdfebfa7ca46092e3de13d4916bee6ad5880c5fefcf4d22a0f02ad54", "ce5a9cf18cb500ad6f6411d5f3d37d1f6a4f73f19132aaa36d26db01fd9d47ec", "83b94be137857db80c5c5c56bde288660eb57ae78db520af32101b12949f43b3", "ba141c89b3ce1b23b425999d8362d368765fdb8c827d5b75e47cdd95a41e45cc", "f6b7f84a31b530e08a419afe6d4b228f4a2271e6e9075f5af20a3985467b6537", "179c6808ca96450adc50593587f3657158b95e0b7b18d57a17ca1ecd6467ab42", "1fcb36bbf70e6b2048157b80f87b670a7ec3f12a1f05ec09e1a9a3560e6013cd", "ce4a87af49e6ea05fce91ad4a43c2d9fa68cca54c2560e9c3cd1864c83064cae", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "78e2e9fea0dce051e9c54712869a7c219f9587040f92d60b9394e3c01b6f4d7e", "2e6982f483a07e50820ff992014d66785db20a07b720d69d858286aa66570344", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "eab7b0d16f2933cdee9a4ee95b264b31526e0a5e131b7e49060df93b790980a3", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "a8f8541231e010480d10deeca483f669b3705eb9f9155a285fc885cfb3c5f065", "e5f55ad1027078b8492c0d09e98816ee64aecea385d1c9053bdc7bc9a4fc416f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "1d9b7783b5aa2fc027982ef8147b80ae3fbae04b8beef0e6f10d29884f47dd42", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "b1df831bcdfebfa7ca46092e3de13d4916bee6ad5880c5fefcf4d22a0f02ad54", "ce5a9cf18cb500ad6f6411d5f3d37d1f6a4f73f19132aaa36d26db01fd9d47ec", "83b94be137857db80c5c5c56bde288660eb57ae78db520af32101b12949f43b3", "ba141c89b3ce1b23b425999d8362d368765fdb8c827d5b75e47cdd95a41e45cc", "f6b7f84a31b530e08a419afe6d4b228f4a2271e6e9075f5af20a3985467b6537", "179c6808ca96450adc50593587f3657158b95e0b7b18d57a17ca1ecd6467ab42", "1fcb36bbf70e6b2048157b80f87b670a7ec3f12a1f05ec09e1a9a3560e6013cd", "ce4a87af49e6ea05fce91ad4a43c2d9fa68cca54c2560e9c3cd1864c83064cae", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "78e2e9fea0dce051e9c54712869a7c219f9587040f92d60b9394e3c01b6f4d7e", "2e6982f483a07e50820ff992014d66785db20a07b720d69d858286aa66570344", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "eab7b0d16f2933cdee9a4ee95b264b31526e0a5e131b7e49060df93b790980a3", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "a8f8541231e010480d10deeca483f669b3705eb9f9155a285fc885cfb3c5f065", "e5f55ad1027078b8492c0d09e98816ee64aecea385d1c9053bdc7bc9a4fc416f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-executable", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "feed-domain-banking", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0005"]}, {"bi": "listening-port-opened", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "files-deleted-used-batch", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-execution", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "http-response-redirect", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-category-cnc", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0011"]}, {"bi": "pe-imports-toolhelp", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "possible-dga-communication", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0005"]}, {"bi": "html-small-file-redirect", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-unicode-obfuscation", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "mitre_attack_tags": ["TA0001", "T1189"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-hollowing-detected", "hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zbot, also known as Zeus, is a trojan that steals information such as banking credentials, using methods like key-logging and form-grabbing.", "hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "179c6808ca96450adc50593587f3657158b95e0b7b18d57a17ca1ecd6467ab42", "1d9b7783b5aa2fc027982ef8147b80ae3fbae04b8beef0e6f10d29884f47dd42", "1fcb36bbf70e6b2048157b80f87b670a7ec3f12a1f05ec09e1a9a3560e6013cd", "2e6982f483a07e50820ff992014d66785db20a07b720d69d858286aa66570344", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "78e2e9fea0dce051e9c54712869a7c219f9587040f92d60b9394e3c01b6f4d7e", "83b94be137857db80c5c5c56bde288660eb57ae78db520af32101b12949f43b3", "a8f8541231e010480d10deeca483f669b3705eb9f9155a285fc885cfb3c5f065", "b1df831bcdfebfa7ca46092e3de13d4916bee6ad5880c5fefcf4d22a0f02ad54", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "ba141c89b3ce1b23b425999d8362d368765fdb8c827d5b75e47cdd95a41e45cc", "ce4a87af49e6ea05fce91ad4a43c2d9fa68cca54c2560e9c3cd1864c83064cae", "ce5a9cf18cb500ad6f6411d5f3d37d1f6a4f73f19132aaa36d26db01fd9d47ec", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1", "e5f55ad1027078b8492c0d09e98816ee64aecea385d1c9053bdc7bc9a4fc416f", "eab7b0d16f2933cdee9a4ee95b264b31526e0a5e131b7e49060df93b790980a3", "f6b7f84a31b530e08a419afe6d4b228f4a2271e6e9075f5af20a3985467b6537"], "iocs": {"domain": [{"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "host": "www[.]google[.]com"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "host": "www[.]bing[.]com"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "fuvkkvvsbiozqkkbymrxgpkzvstgt[.]info"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "wsojvgontopjhzhwoxxojblpj[.]biz"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "rwnfpdydqkvxfahfybislz[.]org"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "rskbqhhmgejbtkcelndededuqcyluc[.]org"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "vgxtcqlwtnzqcdfefelrjv[.]net"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "ukdprmromnucbwxghidulh[.]info"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "tejbeagmhtvspfgiqobecekzmfh[.]biz"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "wojnylnvgpvhqprjvdatlbropto[.]com"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "hqkdkznsctlblbbqxphizxcux[.]ru"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "ljmbhvslffmpzzhpnnfaugqxzdtcy[.]ru"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "jbeaewovgwolreanrtpnhcufuyl[.]com"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "havwofgivkuktomvztibykzvh[.]biz"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "aqppxopjwkhqgahekvswlrojem[.]net"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "orsgljbmtoabaonyjfgqdafaqk[.]info"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "fuxwamlnfoffmxgdvvshmuoucmn[.]org"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "xauwfyplbprdmrdswpnxtemde[.]org"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "rvbuvwjrjznvnbqsjbxozsw[.]biz"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "wojibbavgtkhyhaisgpfsai[.]net"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "nzxjxolruskfsgguwkppbptz[.]com"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "hqqdxifwoytzdnribypnxkqc[.]com"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "xkshwsonwzphufsydaulj[.]ru"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "tctxnvnfypqoguqwlwswspbmpdu[.]ru"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "fmrggmtctchyllkzhqtiifhqvkib[.]com"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "duoroukftwtsdaddqjrfezdvw[.]com"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "gsuwucllnivjrkzfmjzgmvnvdm[.]net"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "host": "byxrwdgihkvoxpvxonxgzpfqae[.]info"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "dmfagqbihaaipzpeaxcigcxqghq[.]org"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "qsemvowltcwobnjlxttibus[.]info"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "pinlkfpzmjqknlzhmzkjhair[.]biz"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "lvmfofmlhyswscyaqwgqoijqg[.]ru"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "vcsxkayrkrohtvfuiztsopbw[.]com"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "huqcqqohexotakvxsbucmx[.]info"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "tpqoemytjvkzlpbmbmljlfpd[.]org"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "ztciljjzqotucmbaypyddufueqvwgm[.]biz"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "mjnbxklzjfcqvcwokbvsobypeeuge[.]com"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "aqyptkhobjzpdyqsvkhybykj[.]ru"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "aimvkfyjvztylprllrvplvxsde[.]com"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "hpdigutobuontxcukucdmfymffy[.]net"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "aqpzhizpgixhmrspjpmrhep[.]biz"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "nrdmdqwpnpjzlhicubmgmxgnfj[.]info"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "ijhuwtdalscgenjuwmmrondrv[.]com"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "uwkjifdugeqgtjfzyxqkypteq[.]ru"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "nvnjfijbibizpljnvrwghtcl[.]com"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "tcgyjnljjbhaxljvvkvccua[.]biz"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "bytcefqvwamydburzcdavcskb[.]org"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "tgygqlwkbygyirscwcdetknfh[.]net"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "ukfatatwtkfatrdindeh[.]com"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "host": "nnzrwhskwkpzqkthtwtokvkymz[.]ru"}], "file": [{"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "path": "%TEMP%\\tmp.bat"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "path": "%APPDATA%\\"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "path": "%HOMEPATH%\\AppData\\LocalLow\\"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "path": "%APPDATA%\\.exe"}], "ip": [{"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "194[.]94[.]127[.]98"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "99[.]103[.]42[.]49"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "108[.]83[.]233[.]190"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "81[.]136[.]230[.]235"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "1[.]186[.]47[.]244"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "80[.]252[.]59[.]142"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "69[.]36[.]201[.]244"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "76[.]106[.]141[.]113"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "69[.]132[.]202[.]147"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "64[.]219[.]114[.]114"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "87[.]5[.]135[.]46"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "65[.]34[.]235[.]106"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "180[.]247[.]151[.]5"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "190[.]38[.]87[.]207"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "ip": "142[.]250[.]176[.]196"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "ip": "190[.]33[.]36[.]175"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "ip": "161[.]184[.]174[.]65"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "ip": "89[.]228[.]231[.]108"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "ip": "186[.]47[.]175[.]67"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "71[.]42[.]56[.]253"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "202[.]80[.]43[.]247"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "50[.]147[.]96[.]104"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "173[.]212[.]188[.]17"}, {"hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "ip": "142[.]250[.]64[.]68"}], "mutex": [{"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "name": "Global\\{C30C6CF2-932B-408E-55BA-04D54CAC27C8}"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "name": "Global\\{73DE6ED9-9100-F05C-55BA-04D54CAC27C8}"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "name": "Global\\{A9348FD8-7001-2AB6-55BA-04D54CAC27C8}"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "name": "Global\\{A9348FDF-7006-2AB6-55BA-04D54CAC27C8}"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "name": "Local\\{C8D239CA-C613-4B50-55BA-04D54CAC27C8}"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "name": "Local\\{C8D239CB-C612-4B50-55BA-04D54CAC27C8}"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "name": "GLOBAL\\{}"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "name": "Local\\{}"}], "registry": [{"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{2EC645E8-BA31-AD44-55BA-04D54CAC27C8}"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7", "08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368", "3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9", "b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4", "da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "key": "\\Software\\Microsoft\\", "value_name": null}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7"], "key": "\\SOFTWARE\\MICROSOFT\\HASELA", "value_name": "15g98acf"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7"], "key": "\\SOFTWARE\\MICROSOFT\\HASELA", "value_name": "2b9j8h79"}, {"hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "key": "\\SOFTWARE\\MICROSOFT\\MYEV", "value_name": "3681g598"}, {"hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "key": "\\SOFTWARE\\MICROSOFT\\MYEV", "value_name": "14086jd2"}, {"hashes": ["0638ccf6ab30044979265a6c249045a807f797f795cd35c6662f1368351704a7"], "key": "\\SOFTWARE\\MICROSOFT\\HASELA", "value_name": "1986jd4h"}, {"hashes": ["da34f5a540b1a271dde98a8e7ae9a64025ba7e2154b071de38361049346200f1"], "key": "\\SOFTWARE\\MICROSOFT\\MYEV", "value_name": "32hej976"}, {"hashes": ["08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368"], "key": "\\SOFTWARE\\MICROSOFT\\EWJI", "value_name": "22fgba7e"}, {"hashes": ["08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368"], "key": "\\SOFTWARE\\MICROSOFT\\EWJI", "value_name": "1a87b40"}, {"hashes": ["08de3e8b52a1ae5a70c36e9e0c119d54f1e412667aee3d75384bf23625ee4368"], "key": "\\SOFTWARE\\MICROSOFT\\EWJI", "value_name": "26afjc78"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "key": "\\SOFTWARE\\MICROSOFT\\OWQE", "value_name": "1h6222j8"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "key": "\\SOFTWARE\\MICROSOFT\\OWQE", "value_name": "adcbh3i"}, {"hashes": ["3c3e1b42700ae8b0f8c8fd67296449f5bade0ff6696bad03061a87aa0449e7d9"], "key": "\\SOFTWARE\\MICROSOFT\\OWQE", "value_name": "2130e0ga"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "key": "\\SOFTWARE\\MICROSOFT\\YCRO", "value_name": "3617de7j"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "key": "\\SOFTWARE\\MICROSOFT\\YCRO", "value_name": "13gj76b9"}, {"hashes": ["b6419fc237fab15ffd1f5387040a7d7d2987280f28cea1fdfd5615240a3cf3c4"], "key": "\\SOFTWARE\\MICROSOFT\\YCRO", "value_name": "32bdb4gh"}]}, "reports_count": 19}, "Win.Packed.LokiBot-10003974-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["ee63ce54918a139d72523b3c11a62e00a1cc1573c01f4ac7bc4decaca7eed021", "961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "e8b8b962c35b011fdd5a2154a43d468a8c00efe547f89c79b0d1f4b62677eb49", "62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "3a826443754835af98b522ef9648a2602e6ef02a6da8138c71ec6780a09fd499", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["ee63ce54918a139d72523b3c11a62e00a1cc1573c01f4ac7bc4decaca7eed021", "961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "e8b8b962c35b011fdd5a2154a43d468a8c00efe547f89c79b0d1f4b62677eb49", "62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "3a826443754835af98b522ef9648a2602e6ef02a6da8138c71ec6780a09fd499", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ee63ce54918a139d72523b3c11a62e00a1cc1573c01f4ac7bc4decaca7eed021", "961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "e8b8b962c35b011fdd5a2154a43d468a8c00efe547f89c79b0d1f4b62677eb49", "62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "3a826443754835af98b522ef9648a2602e6ef02a6da8138c71ec6780a09fd499", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["ee63ce54918a139d72523b3c11a62e00a1cc1573c01f4ac7bc4decaca7eed021", "961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "e8b8b962c35b011fdd5a2154a43d468a8c00efe547f89c79b0d1f4b62677eb49", "62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "3a826443754835af98b522ef9648a2602e6ef02a6da8138c71ec6780a09fd499", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-dot-net", "hashes": ["ee63ce54918a139d72523b3c11a62e00a1cc1573c01f4ac7bc4decaca7eed021", "961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "e8b8b962c35b011fdd5a2154a43d468a8c00efe547f89c79b0d1f4b62677eb49", "62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "3a826443754835af98b522ef9648a2602e6ef02a6da8138c71ec6780a09fd499", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["ee63ce54918a139d72523b3c11a62e00a1cc1573c01f4ac7bc4decaca7eed021", "961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "e8b8b962c35b011fdd5a2154a43d468a8c00efe547f89c79b0d1f4b62677eb49", "62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "3a826443754835af98b522ef9648a2602e6ef02a6da8138c71ec6780a09fd499", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-header-linker-major", "hashes": ["ee63ce54918a139d72523b3c11a62e00a1cc1573c01f4ac7bc4decaca7eed021", "961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "e8b8b962c35b011fdd5a2154a43d468a8c00efe547f89c79b0d1f4b62677eb49", "62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "3a826443754835af98b522ef9648a2602e6ef02a6da8138c71ec6780a09fd499", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-read", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "3a826443754835af98b522ef9648a2602e6ef02a6da8138c71ec6780a09fd499", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "network-snort-malware", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "sc-service-stop-windefend", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "created-executable-sample-appdata", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-communications-smtp", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": []}, {"bi": "firefox-cookie-read", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "network-fast-flux-domain", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-numeric-ip", "hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "http-response-client-error", "hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "deleted-submitted-file", "hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "malware-lokibot-user-agent-detected", "hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "mitre_attack_tags": []}, {"bi": "process-check-zone-identifier", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "process-created-executable-autorun", "hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-communications-http-get", "hashes": ["4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-dynamic-domain", "hashes": ["4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a"], "mitre_attack_tags": []}, {"bi": "dot-net-process-hollowing-detected", "hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-smtp-attachment", "hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "pe-filename-mismatch", "hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "mitre_attack_tags": []}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Lokibot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from several popular applications. It is commonly pushed via malicious documents attached to spam emails.", "hashes": ["2bed887fca5ae34bb249eb750e20b7542c9209a169745ad2bd9176618042f8ee", "34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "3a826443754835af98b522ef9648a2602e6ef02a6da8138c71ec6780a09fd499", "46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b", "62ed901f438fc72b696fd6fafaa0d7fa8b1d5a6b96a281844effc456de3ada1f", "8f4c439db759beb01af1ec4d073406792073028abf8fbca33867396a499ca70a", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d", "e8b8b962c35b011fdd5a2154a43d468a8c00efe547f89c79b0d1f4b62677eb49", "ee63ce54918a139d72523b3c11a62e00a1cc1573c01f4ac7bc4decaca7eed021"], "iocs": {"domain": [{"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "host": "api[.]ipify[.]org"}, {"hashes": ["34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a", "4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b"], "host": "checkip[.]dyndns[.]org"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "host": "smtp[.]ionos[.]es"}, {"hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e"], "host": "mail[.]fiziopet[.]si"}], "file": [{"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "path": "%System32%\\Tasks\\Updates"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a", "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "path": "%TEMP%\\tmp.tmp"}, {"hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "path": "%APPDATA%\\Microsoft\\Crypto\\RSA\\S-1-5-21-2580483871-590521980-3826313501-500\\a18ca4003deb042bbee7a40f15e1970b_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e"], "path": "%APPDATA%\\zqxqdlu2.oka"}, {"hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e"], "path": "%APPDATA%\\zqxqdlu2.oka\\Firefox"}, {"hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e"], "path": "%APPDATA%\\zqxqdlu2.oka\\Firefox\\Profiles"}, {"hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e"], "path": "%APPDATA%\\zqxqdlu2.oka\\Firefox\\Profiles\\1lcuq8ab.default"}, {"hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e"], "path": "%APPDATA%\\zqxqdlu2.oka\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "path": "%APPDATA%\\sbxsrkxv.nfz"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "path": "%APPDATA%\\sbxsrkxv.nfz\\Firefox"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "path": "%APPDATA%\\sbxsrkxv.nfz\\Firefox\\Profiles"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "path": "%APPDATA%\\sbxsrkxv.nfz\\Firefox\\Profiles\\1lcuq8ab.default"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "path": "%APPDATA%\\sbxsrkxv.nfz\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a"], "path": "%APPDATA%\\efbng"}, {"hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a"], "path": "%APPDATA%\\efbng\\efbng.exe"}, {"hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a"], "path": "%APPDATA%\\XwGFCFzeTqkeUe.exe"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "path": "%APPDATA%\\vhnjipHhvAgPbD.exe"}, {"hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a"], "path": "%System32%\\Tasks\\Updates\\XwGFCFzeTqkeUe"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "path": "%System32%\\Tasks\\Updates\\vhnjipHhvAgPbD"}, {"hashes": ["c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "path": "%APPDATA%\\wvd2jiis.qhp"}, {"hashes": ["c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "path": "%APPDATA%\\wvd2jiis.qhp\\Firefox"}, {"hashes": ["c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "path": "%APPDATA%\\wvd2jiis.qhp\\Firefox\\Profiles"}, {"hashes": ["c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "path": "%APPDATA%\\wvd2jiis.qhp\\Firefox\\Profiles\\1lcuq8ab.default"}, {"hashes": ["c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "path": "%APPDATA%\\wvd2jiis.qhp\\Firefox\\Profiles\\1lcuq8ab.default\\cookies.sqlite"}, {"hashes": ["c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "path": "%APPDATA%\\rWFmHK.exe"}, {"hashes": ["c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "path": "%System32%\\Tasks\\Updates\\rWFmHK"}, {"hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "path": "%APPDATA%\\aCcAwFD"}, {"hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "path": "%APPDATA%\\aCcAwFD\\aCcAwFD.exe"}, {"hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "path": "%APPDATA%\\yZRXCHBD.exe"}, {"hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "path": "%System32%\\Tasks\\Updates\\yZRXCHBD"}], "ip": [{"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "ip": "213[.]165[.]67[.]102"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f", "9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a"], "ip": "64[.]185[.]227[.]155"}, {"hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "ip": "185[.]246[.]220[.]85"}, {"hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e"], "ip": "193[.]9[.]21[.]124"}, {"hashes": ["34efc543781328d0d7161f144577197ea501c83974cc4edc0df012273d758d9a"], "ip": "193[.]122[.]130[.]0"}, {"hashes": ["4be6b367cd8fbbd9b5b047a1581775dc0157188fbea49760ce60abff3c4bd79b"], "ip": "132[.]226[.]247[.]73"}, {"hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "ip": "104[.]237[.]62[.]211"}, {"hashes": ["b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea"], "ip": "185[.]246[.]220[.]60"}], "mutex": [{"hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5", "b0f38fbfb54d1735e9cb425df68fe633ed49c562176317d36bcfaea1095ef6ea", "d0a263bd80d2a49060b909ea51211f258668930fcd799b28f8490d784db7c31d"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["961d2c3c698385223f128f5caa0e9a8260cefb0b8a29664f219d64fdcba7941e"], "name": "jDpDPnOkffrC"}, {"hashes": ["ad84a593f03c9a1ee16ea026718cbc46d921acdb940e49c7a78b26abf4dfd3b5"], "name": "XUFjBW"}, {"hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a"], "name": "fqBVRTwaHZHtrCfkQpOiNQIvCL"}, {"hashes": ["46481912ad5fa03359e9e75c73502e78a8c50fb3e809ddb53c10807c4226855f"], "name": "xIumJSsKuOAlYSHwskpJ"}, {"hashes": ["c4ef2ace35064a224b5ecaf23baef88a1095190ae3d9639a388e9b21196c8b9c"], "name": "SKfeirAyTRLShRHdbvBVtbvsraX"}, {"hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "name": "aIkjkqIVKPdZEKabRIYzdZ"}], "registry": [{"hashes": ["9039395504a883d92a51c3abcc21e65191a1237d58d5cc36aa205a2696a7fd6a"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "efbng"}, {"hashes": ["ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "aCcAwFD"}]}, "reports_count": 16}, "Win.Packed.Upatre-10003658-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-uses-fasm", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073"], "mitre_attack_tags": []}, {"bi": "http-response-server-error", "hashes": ["36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "23571dad521bbef1b2dcd1ef0d298cb9362105f7311aa851404d603766fe1fa8", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "2634651c203c00f50ea21e05400d379830c393b75854b191ac0d06cdca294e7e", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "269c96e3003ce5b1e08c7af4da3dcbbb0033f666a44a1c45a8a090c337f1b869", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "2c89087b13145a5c8307b1cb6ef1a0d46c8312fdbff5b84adc49d380e19c8bed", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "2e5c598984425e05d767d09321d69da99e2cf1cc955134f183b0005bdc6970c5", "2f12a40864f58d57c52ce86a7c2565b721e05cf8e7e234a890865cba62aca8a6", "2f7ddd4d8cbdf0730fe66ea2db1faa8c396676eabb64439667453da475ff120b", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "31be2c5ae154dd65136262182dd351f34563635c510ce82b05f5da14dec50c69", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "33576fd60ff89b8050c5fd6253f73003575d3e2ad276700238edc3ca133ea20c", "33e7f97f475a0155f325113750553f6a804d2b8e6794182e796c5d3d596d5524", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "3e1a04c42f2bd05e194df5827cb485bd56e0fd5f2a1a559e51bc9661e723d78b", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "3ead1ed1c57608a513adc6addd6282d4222c904d750d08fd66d3314caab57fdc", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "430fd103a2026b0367d0ba927637316a7f3140d526c15fb0ab1ad613006d56b4", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "451c7d3429f4089573a6b2c33b8f81c86203bb001f0e2ab8c07ba32a7f191a4a", "4677c6017fb7874892fbfbd26dd94142973dff2801d26b7049250a03c48a7273", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "4952089f86540778f34a86be4e23b46dc6c2c34cfbe6046d9f0fb771b8c49433", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "49d408190f2604c77ac4e32f0b815f6ab76568590f8cb5aef3ffd2fecba4c3e9", "4a339d87611b3ad56940962c1db53e504e9f2b546632a0eb44eb565dad886c10", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "4ed6da7eb9cb6616c7a95ee7957a0d779a20c105769f6ee0af52337053377b8c", "4f3a117b112223c599dbf5f8a8bb3bd375c8d95088380dcf289ebd0abb773349", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "5124084bf94ca799a88296245a60a63e787394828882967194628f235e908869", "544d7f92c2dbe16615cc90dd55b84a82a107016b7698129d5651ff05dd24bf12", "5666d7460c64197154f7b655cb13255e9e314496eda97b3680fc5d6235219eff", "56dc011261c4fbe149088007fb1097404a597acc728b319fe21ec1864737f9f4", "586ce541b9db6003bffe4a9d1cf532c768692f6aae1633dce3cc68abf6b9261e", "59d198fab30d7959281c44ac52fa18fbb6bf138021b69c706bb889a9975629ff", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "5a271b5a925bd7d5e7ff361f823c3fb5536dec1ab3f51ec3fb8b4ce3e4087478", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "5bdf79dd0cdeaf1619db15f28037126d06281fde68cb929896eaff360972e2f5", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "6249ceaadc55ba9c9eae21393f2c6881ea00f0487550c73ae963309cd9d77b6b", "63a83ac1d3abfd3c7df9b09e2ee5bcd11f7b7e0e1b921d1033643b80fc597b74", "640bf27b5affcd115846bbf21a5105d93a4ef2f1b67e90991444e4e81583a3b9", "641987bd5b8fc81adde2fe0b7636e6f3ffe3d60e55cefb5f4610cf0df9bdb739", "64911695357c18fc85e29deb9f515258ba0fcb199dbce9e283e4fae60e126569", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "65ca12ddd4caba1bbb35e852c487bfaf5f1a2317a56e10024ab7f08dcf427234", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "675c9278391d12d3039101b8d162412b658e7b750a48530d359231c69466e2c3", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "67adba85de4f53c711e788e649d9da2560b46be54e934a8b0bf61a1535e5fea3", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "6badd01b6c852237a8f4a248ca175528a3f5c6e587861133b5c5953660eb8f8b", "6c5f6ac24bc58e0b00ea1751b7743097fef34f1e80518c418bf028f856715715", "6d6d965586b16337a280c6a1015a499f9a1a367a1f637a0e79efc106a393a3b7", "6d71c707ca1076513f9df66e469a7632b4880c857f6b5cb2646de740ca52c0de", "6d8f04a125cf71adfabb1e2e8f6c91fb09512ece6fa3b1a196cd2b7eb26318d3", "6ddf8888f4f8f4541884080f0ccac3bb008e5da8c9590a3895fa2b563c4f5d02", "6f5239ab6315935d69fb9323f81cbfb53ee34b73339eb0745d7994602c1309e9", "6f85c53fc867ceb4a39813da7f75fc298d3ee2fe2f6c3323e7299c033efc348c", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "71e9023b7f70525a1ce173728875cd61136b31cd6610bf82f4fd311f74dd710b", "71f153bd138cc5baeccff2bd33b088db7e35da478227e1ca3361e0a50587cc51", "72332d341bd1bf33d11d1b7f150d90fca202a139bc49efae554306287ff82ddc", "7318ce9bd16d686154bf958a717dfd7fcba7e2c0249ded62ccd36c0158ff8e8e", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "74354b5a95b9eb1961c2a6b6e17fd4ea0668c342ff6347fc11138f38f34d3f51", "7540c2564debebf920dcde67eec63522bbbb232ecb4c0aaca8187b9f9564568d", "771cd8a43782fbeef15428ce0a112f1382f887c93f6fd64d525568f2585e5a17", "7727aab69870bc56b5c750635496eb3a80c9fa5182a23af2a70d4154d9c941ec", "7780a8ffc87eead1cf3e6653428b8ceecf81448a6a004a1f1b0bcd6842970510", "792e03448aa7d9067d2c904e6b9821c383d91a5488a6608c85465f1a21841e85", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "7c029583c59d4f149be07557f03ff2dad18fe61eacb79884762bac7291760e2f", "7c2a2b4bccc38d2120e3e69ace12c99388f4b0e79dd9fa1b8e888d4ef790677d", "7efd03047ccc33a5ff98f9674e46ed3c1f364830f54951d0e71b325bd3822173", "7f7e93245e63896ec0fa9d0b0119348ee43708c638edf8bd76318cdea5bd842e", "8020d46c6bd29ef78707509a6a6ace4efa03acc96aa84a478b9f657fb4a821ac", "815c17b4143c68c1821df11311138b3f4a3f774c632545e7a6ce3b947025d8ce", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "83c6b32c7e12b25ee518ed8fdf8ec06aecdb3ee51cfdd3e4df78354a733f17f0", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "85152b2a4acec70df32e05c35a979e8a9f1b658b9518aa60748833420132a633", "85baf137c0ff32584f3cb4bdd70322dcbd7d3fa6a6e4c97e9bea84a523d6aa26", "860150ac537bdf57803bddf2ab3a30b180649eaca4b3f8840f0cfff3e03f7748", "87b259bd6fbb45b3c0c0912821fc4310e513f7373df2cf5e78deb0e7c815a578", "886015d6287aefea5e589443965706edf20ee82d89538ef80dfd4fb66d95cc05", "88c6979d0a24a2e2b612d0aa238f7c1e5d244a53754821f5c30dd95b9f6ac901", "8a3e5be3367514889a3c74f2413fbe66a06a2b0269354f4378fdce7bd3032fd8", "8b1082e3e6e19dacf2f566d406e79844d675ceb825632c0e7496e2fe87933af0", "8b67c810ec7153e3f1a8538ca530fd84574b73b9463a4e1071bbe0c156418d4d", "8d38e4d7e0ade76c5541271d955aa7b6c45be5f454a264b2616605eb48efbe48", "904c178a53f71d6983c036077a74b1f5254533fa97660ca8f032d084fdac9199", "915fafcbc3d958e460a1b8a37a57a8658a85e9574903cfc430dc78194da99261", "926357911858490a27039332551869ffe670ae86144ecb6399e7e749d1aeb8df", "9271ad7d0b971bcd4d05441cbe558b332fdccf2e1ce8ac9ebbfe3398c243b143", "935bcb82138281c2623a5694f6ff22297a6662d35dc2c538ab41e88810a01b2d", "93bf7516f630a10f95e073a55813e6559729f611b2b3c01c8ff740308e018e57", "945486b94b22004daafabbe69b552dcbddc571e502bf092301d5c440f1908ded", "9461caa9fcaff40153088971bac445b011f41504b33e7294c76f391ebb2ddf9c", "9518f4d41ca9348c7feb25d43bb4f7e06375bff95c6440ae858f42271a945ac1", "953f9c9b73164fc4ccac4eae2c4f46041cd13072d90a1b01552235bff57e6d52", "95b192b556c17601f8daea0af848f518168c706310a69dec6d2cc528e38d8573", "98496b28db2e62f98217c73b575887be0903e0f0b9159f5e521d3fed1fd80117", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "9910dce2826feabab16e4a510c6f42cf7b71b22086e36a3862995e3b732b2567", "9abb43ad197ef82f2098e49f1be543fb830d0f6173c785e63499ee4285976997", "9d8b20a7e6a0b750ae41e842d3ea5462c83eed058639f92041085b3fa0fd3c91", "9e1f3b5122b1b1c948807a2bfb99ef541bc1588878cfc86a5fd766677dd2b79c", "9f8e5611713d9330f06056881d5ece599902d01f6c68a79e08068f9dede323e9", "9faf4a66fb8f79869ad33f31c5da543dc3c09985b99db2b77e33d132a419e748", "9fca63410081b1fb160e9cafa8bed8698b61d499b3be34cacdedfd37dd98ed33", "a061e83ebc899fffdbf07e9a8af7ed967f4a6550977ef168e6602110a2797ab0", "a249a5004ed159ae9ca904ed2deedbe0546627be87edd6779c8d6563881ec3e5", "a2c55d914d548606f38c9d1aa17dd175dee1fea7ee4adc2a83b71a5782111903", "a375a9b73b84cd30c52661530e768daa9103f41b126d5f5f569f8e1d96e41563", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "a4b4c08169dd85d25ac1cf7b7c58c497bb7c00c73dac5d133ef20c4c101da705", "a4e05adfe8fbfccddc469b4af914b866591450b6d3198ed86305e03168f6d5f2", "a597a582cc3a3ed11211515e25dcc13f5323bece30915a2cd9b0317b0f5419bb", "a6117d406f26c48541f7fe7fd154bbf60013a47d242ee288e38f9c3735060386", "a767f81d967ddc6ae1eb1b7237b14122d3ae92d83e8994577075787197abc0cf", "a87d9823c5829d8204b764fd87ba9a27cb0121c4846b5d6d4fd251cbb25023d4", "a8892cf9f8a19550de5411df581349f65f88f544bb910b76f425f3ed54d95565", "a8c321d0c5988d2642b823ba6e99347f7ce2ef6cd77edbfd1483405366fc865a", "a99515612392621b0b5310890b0a1b7d2abe9fce30abbc3a908b6c7586e9ec6d", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "aa0c39c1166e8b1e9b98ae5ee46228f5bc2988a8dc21a3c0098e1196354eec3e", "aa38624c4e52185f02cca801749e6d268b19bc44baa4e25c1f8cafd70d1ff1da", "aa38ee7485764368ad25ca71dcc952bcd97b57e85358aed4713ccc937196c9d0", "aad28aa8e8a744678a04b30f0abc2f69c681961762db51591334d39de3f8af36", "abaed595ff2c82df3df9fc885696e71ccd7d2800c5a44de3b5fd453e8c617a79", "abaf0f11ff71ac2d97719797bd2859b9ae8dbca2886ab6fd0f3d39ba0ce7bc61", "ac47a5fceb152e18a9f4e0781aaf4693f9c45d9de24a726956cdd4ddc9768abf", "ad7b0ded97ffdc6dcc0326e978f0716c547b798f35809c3c0f5166acdb89b220", "ae0f8ba1bfe91f1aba845a53c10b22b36d88d375a82ec4ee167e909f0b04c714", "af09df0b2fca59c89a3eb618c1d807f9c6191b90e318f2c5b7d24c546a0b551d", "b1d53896acdbadddc1546654b959ac84c7d54317a8ff03ff367f23b40c99eebd", "b4846325073206b2fb04787a2c616691c88ca28dc933085d9c1cf4dd657733ca", "b7cd11743df1bd7d8e2793a88a52beaab82c59ef56baa1ab99c3101851ccd5b7", "ba1514e8b30b5af6e576a5543aeb6459ae1d39a5482283dddfbdf591d414c4b6", "ba56eb814e29af3e0e0b8e11d8ba6b8d2f1ca7643db887dbcca9a9f908bf78b5", "bb356ce318602d7e83cb2418e82a040334fece422095a48f6a88f9841d6adb6d", "bb5ca4a2eba8b5d9bf9926bab5dfad39c34a271d193eb8130ca87eff4eb1f575", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "be6b9f288ea667217b88fb46949779265ce9d2731622cea6f273f2b5a96bb38e", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "bead15893bfa96066ce11c65a083bf9be7d9c45c2331282a5e2579f5019dcb0f", "bf2cef8bd94a12a341080e63e5d53f0d59caa364b7deeb88620b918ad86865ed", "bfb604677d877da0b64a44895c7800048ef1f690287f5dcd67247765c0f46c10", "c0bb0336678054406ce069a66ddd386329da1478181fc887f5dcee2117c6952c", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "c35af834b7da35a371dc9e5bcf11539c449d0faa73ac0a288cd90f3b662fd9e6", "c386fe80caa9b085167e0b316a3149c81b875ec78c1abccfe3fb5246ea04eb86", "c4207848f20a56ae72c22881a560afa2eae9289bf9aee80af29ec1d10eb90537", "c487c3aa51fabab2635cb3b75e38cae619f1226a3a925335eaf48b1996511d5c", "c530722e8f3e1591491a335d7ee67936e3affe3d719c5f06aa6619e0fa0c5c03", "c657704a458c7d4bd071cd1d0765a2ca57d5385ca0fe4e29c3457dbdefda2deb", "c6b0e652f7dbacea8800ad1c7a3fc582e74de5ae3d123e62cf93f6a89f42d194", "c97104ed3d12eef3963463a5f387cc1044d8668c2abe92f3fe9f091fa3705eeb", "cabb67f9e3e3711be5916680e392c4a3111d46921e5b40ed8c584da9521b536c", "cb393e4363b7e8291e04d87bdb0699afa8a354e37cb7e906cdb110ad8ac1acfb", "cc17315d2e7c5415b25092dc5a80e0351c4e74cfb9caa34b93aeb7cdebe02a0b", "ce2d9bdec3ce4d95bd2ef8d605b4649084b153a62ff1f47b0385a2a0da4249c5", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "cf5c105c1433e21f48e72644a7b30644f9c1128d1d794bb7491ada7fb1bd6ea9", "d071ade7e5d82c7e7bc108f352f1579879000c8d28f56d3932972324778d7443", "d0f3362bad858dd53db353adf1ea47bc1d5c80ff7ddeac7bcf00e53ddde1fb02", "d16e270504b656799bf8de5b0aa45ff043163cfe3122dd763358643388c3a3d2", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "d3e1d2697ca0639738160213cec46e7b459a8588c76b7cbae706912e5790ed54", "d3fc41202facef5d378678b07cf155d1852c9f2a4108830ade37f35ddc4b717f", "d42639af35c557a86ef076dcf065071668eca843a599634eb0e338badcf7f1a0", "d4651bb5f94829606a3ad149d351977c9504db49d9667d9e1d43f62df352e0f1", "d54281ef65d61acf35c5a80c2aa51ee2504fe83080d5223f6719ba275387e6b0", "d63c013e03e6fce1aa9c409b244d514439cb072aa766e01e05f9cc476ffbf46a", "d78f55b9ce2567bb3478d13301edee875cd692ad65bbac57cfec8f3d8e28c9ea", "d7ecbfa5d12d2ad3dc219ba1ebc5fd07ce1ed01cadd2d46309526fc8f2e4ca4f", "d9501ebd5a1f501811b17bb96be714eec2f725417f3904d2816d360d79080ff8", "d96795cf17a7b7d442f0cd6f988973b6a1463fddf5aee38d8e71e982df6a3fa3", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "d9d97711e35ca4653e17a784fcf83d5717a81c83e29f1cfb7669020b90aa6637", "da52c1ec3723c4590c26a4fdafaf992baf41a022f4d9680a4de857e40ad7c616", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "dbba614d1c83026b37ab530123182b9119c67c131443fc3965df0240f7643d73", "dd0078debe9251410ca738ec1dae1fa4a8fe8cb2ab0606c0a76634cd664a77b3", "de589a3e469148a280f0c9aa4c04294b76f25c55b67b7b78e28566da4677b55e", "decfe3ef7bc86d651117285241e289cda56ead220c7b6ae67f187b8a357a7cd6", "df8722206583701da70fe3515f52786891dbe6f894d84ae14e29532a20b46a73", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "e17b05269ff0f47ffd11d9990d08601105322abaa5788e40ce3138120295870f", "e2c6699216e9788b4d3e491576db5bcc0416af260f00179b09ef7c0a8ce64c16", "e2e86da3b64156066c344c32a844c2acbee2755ddd25682abebee2a70fcd0e46", "e366735f5d7ccbb1dd676aa5cc2ef9560fdc78dbfbfbdd0dca8b7d3dfe01ab60", "e3f09004e7a9f0572ad6362f0af1b56050bf563deeeabd6156e6f8dd7295248b", "e4014551a51596b7c7ab0593b5b7e5681ed28e11b4faf8109127719ecac60ff5", "e43d62c472414b36ce6670e5ebeaa53dff75945a6af898709f0aad83deb5bc62", "e4858635fdb6dfcfbd90fa653c86e81ebda87d7b3c4f31c51b24a5b256d01e41", "e4f70d6fc439ec96d1eea392b7766f3a84e7006d13a021e6242805ddb3593aea", "e50a1ce80e8271abf05c475dc01688aa26a97dc704d7ada15e27d5cfba2253bf", "e53b0b4e122dfa6cd5facab606ad5798dfaef73c4fc3ce36b0da9dceae5e0914", "e6db206157393932430efed3e48f6edfcb5e7ddb6a7b1e064697dc2f8e95ebe0", "e7589bee21869473f34c1512cedc51fef7989e8274488ed1b9ea71fbf499988c", "e832072f77d98522def1d513e301e8f8b2fecbad11b0a4de2f27b5d1a60aeb09", "e8d37f5a274e5d5e6423e5a8bc645ae6f96146a469f22294af911457f7cb191e", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "ea4c09827b4d2abba9a0f7cef6c281c4054aaad8372c8925b29e481d938cce77", "ed66601f5ec0b60d514ffd450f784599800b9e3dc0a3d035c44efc95d037e565", "ed6d37ee10296cb198ee7351b1fa479f6a7e539adc2140de3e74a164a39284fc", "ed9df50cc04aa2a3d4bd52aef4d9151065046a0560a930cc3e21debef00e9b98", "ede22a7e22adc7aefff4276b552f50b102a788ed61fd361c46308092979af70d", "ee3e0b5c652ea5421fdd6aec537495a9d1f1b5c8564a439f6cd8aa4420efba22", "f018860dc594763a36998a5004a4ae1de823d4a8f1fd628aa6c9604d273b48ed", "f05599da5c762655f11edebe78e83830a103857e1fc215a78d24b145f79e5484", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4", "f0aec2e2607aec4ea1e8bb9e45dff23b35b26e0d984c75bf8467f27954fa2400", "f1db102c3ef52a8b4712a7752fb3e53dfbc6c7c000d0c532718667fefae38506", "f3677fbba706a76e673ac31e1f41db2ef254eb069b663018b4a928fef9b88f8b", "f69139371e73bbf8039aa225f4e22c6b5e03fd048144be5a6bce8607820941e8", "f6b1663c543524c9aeb9faa433a9895d0191f2627394b6a9001b469e2c8e2966", "fa332be861ed418f9b2594db359242b86378687add318dc0845443f942cb482d", "fa6229fbd9a355ead09be66de94b5994f887d03f86c4d3fdea2e82e88b05aeb8", "fa811efb55ca517d395264898bcc77d5c16be1963f11ebd73102c6c267051936", "fbbc31e425e4022d811ea7c0e9df301063e0768a4a3066503901b703065a2eae", "fc388d4cc3ee53ae28566e1f93a4f9bd07134a043b8b9b1fef8def9bc21fa261", "fc8eb2d9a94525229e3d0a7ebe98e5564f95ec04c3f5638909305eb9805a7be3", "fd659ee2be755928cb8e23e48588affa670c661e849b47e2c210a4e10a44c90b", "fdeb2eb22e8249bf42dd494e03e71572b464d2834123e20c4851a76c87926f64", "fffbcbfae40783082dc971b22d7bccd70e2cee2e2b84e9aacf7cda5f8d9fc8d1"], "iocs": {"domain": [{"hashes": ["0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4"], "host": "checkip[.]dyndns[.]org"}], "file": [{"hashes": ["0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4"], "path": "%TEMP%\\guzakbet.exe"}], "ip": [{"hashes": ["0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4"], "ip": "93[.]185[.]4[.]90"}, {"hashes": ["0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a", "d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f"], "ip": "193[.]122[.]130[.]0"}, {"hashes": ["0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52"], "ip": "193[.]122[.]6[.]168"}, {"hashes": ["09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407"], "ip": "132[.]226[.]247[.]73"}, {"hashes": ["03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786"], "ip": "158[.]101[.]44[.]242"}, {"hashes": ["06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4"], "ip": "132[.]226[.]8[.]169"}, {"hashes": ["014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66"], "ip": "176[.]36[.]251[.]208"}, {"hashes": ["014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4"], "ip": "24[.]220[.]92[.]193"}, {"hashes": ["09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d"], "ip": "67[.]222[.]197[.]54"}, {"hashes": ["0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786"], "ip": "69[.]163[.]81[.]211"}, {"hashes": ["014ab5c4620483729398a175ae10660faeb5bf7efd68e882859e81a585870d02", "0858a55586120cb9e7827c540e07078af4ac697f70ab53546a15187126afe5bd", "0a8609cb85233a683e73a94544c2152e0f0f83c847e61a77fa787fa7cc7bf678", "1b5e0b2583fac04db8c84ad0970066cf42233437ce05b11a3752ffbfee2d76b6", "32882c25a2b975b4fc9876ec94becd79e1cd52b9db6ccf3a0a3fb7a347e75931", "4c9ca0d42458c0e9ad6e6e1f85684357dade7a541d3d5bee9a2d2db62c8f9073", "5aa6bf51fe9dba2534d6acb90948cd1df48bde1a92ad2d29bba1f76552e21ccc", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "d35bad3f610667d64f9ba9e3fee54928e2afc6563b70dc8d4dd0d1f6c1b0ff66", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786"], "ip": "67[.]221[.]195[.]6"}, {"hashes": ["03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52"], "ip": "76[.]84[.]81[.]120"}, {"hashes": ["09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d"], "ip": "67[.]206[.]96[.]68"}, {"hashes": ["26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69", "a3a34bcd11f26393346bbf5975b5b88914caf769366e672380669d44332c1311", "bc8c9f2d45457b219d4e25635c694f68d21c09f25deab52042fb5f84a115e2b8", "d9cfbb9cf0ff7297b810772831bed0293f966480295b290fb1e7b70bcdfa8786"], "ip": "216[.]254[.]231[.]11"}, {"hashes": ["023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f"], "ip": "72[.]171[.]9[.]146"}, {"hashes": ["0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "1d2b14e902557a04a501ccee11c9327d27c1e3247c275406e7c12e5b13e5f08c", "2217720e360d4b8217c7186ae337d84ce920bd32bcd918e88ecd12fbcdb0d203", "33044f89e50237e0f41629433ec800cdf03d9484e034e6b6ba86cff07d1259ea", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "49c8204bd1699b6d955d05551dcd0645a45c80173abb81c7b99e13b25da077cd", "655db1f6a5b30c745e7341700d127df004dcb363c8bf0cb586cf70e7f2ae626d", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500"], "ip": "67[.]207[.]229[.]215"}, {"hashes": ["20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52"], "ip": "85[.]135[.]104[.]170"}, {"hashes": ["01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7"], "ip": "104[.]174[.]123[.]66"}, {"hashes": ["26fbdc34f3829b32629ec5ebe86a9b6f106dfae4ce7adc009f78f55d876edcf6", "3104e890b8278a98ea35a26ffe7b46ebdda2d448afc05daf594627f05dc51103", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "3e360bbe6a7483e7090b68e4db7df1d227c597ad0e5983c00219532aed201e2c", "4f3bfe3c8917b433b907ad5bee8c0fac44756d36333839d1130045a47c57eadc", "5ce3df791877d2f886add55319878f372a7636f07afce8b9ba06c8f2821a906c", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "74225dfbe1958511e402005735c7db97258452ab226fc4e593a30621a3df3c69"], "ip": "24[.]33[.]131[.]116"}, {"hashes": ["03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "4e3b741e341fbeb0e68b790629304124e9aeb8fc2337ac7ac158bb834631cdd9", "705a34207c9a65e11f2ac9b0fe04ed7cd899365998eb544d4a0db252c9b90a84", "843f7a5fca0514935998f92cecff13c0c2cbe73a92d344af5cb38b78fb70f97d", "98f322f590d048d1896a4212f8c1a63d551d0410a0e024b9f0d91819f1010066", "bea3545b2c5cc6b65d6e0b8be587b6de380205e182c355bb980bab36a98f6407", "e163b5f9c173d8141cf736fccee3f79be0010fd80b05451b30203bbf5afcea52"], "ip": "84[.]246[.]161[.]47"}, {"hashes": ["16d0e440f0d0145804f56fe9651b9ee71252ee53d615030c93f36d959e923f0c", "1c48286e5605c2f5f300f6267bd4abb8db72bd1963b0100930d6802b4c8f0363", "1f8b1836b12c5d56e9983b02a36e0213d8a8890cc8a8003071c9930fad696c81", "24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "5aaa35c3e75b3cef769975a8fa5494153ea505bcd6a08a2c78411ef6a9869371", "7076c899fdcecd7897d17803e2cfdd2cc2344fb8b31327ba98a5fc2a66a47e75", "7bfa738dbe934247828c90c1e0e41058c66c413b420ea67c42f2d68fb7c3963a", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4"], "ip": "67[.]222[.]201[.]222"}, {"hashes": ["023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f"], "ip": "162[.]153[.]189[.]143"}, {"hashes": ["09736ce208d4bcbe7f4a18c21749aa4ed23d2724b164aaa289bea73af5d127fa", "17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "1d71138b9af7b1242b695663ebc1ba8a4b6b7dabd35034d3c4da09d981b90111", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "3109ecf0af781eaf99c67073fb533495b408da7858d5dab8edfb0bfb175ff00a", "31f6b0f41f06a92aca8f748d3d36cefbbf4440e7eea56d6b38cdc164b63bc681", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a"], "ip": "69[.]8[.]50[.]85"}, {"hashes": ["01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "399dd66237d7e399bce905aeecdbd1dd602066bc71c923780a8ceb3ce0fbaca0", "65d3bc8654b70037c57ab9b4eeaba095e6daa1d77f46dcf06bbc15ce3ddf2d1a", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7"], "ip": "72[.]230[.]82[.]80"}, {"hashes": ["13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37"], "ip": "64[.]111[.]42[.]64"}, {"hashes": ["0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5"], "ip": "98[.]214[.]11[.]253"}, {"hashes": ["0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5"], "ip": "65[.]33[.]236[.]173"}, {"hashes": ["0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b"], "ip": "173[.]216[.]247[.]74"}, {"hashes": ["01f780ea7234c9196814cb5a7f0f58282966f913ef23121a785169992bb6437c", "12ce1cb11a4ae1201fe972607698b42418ebae504b24654e95f65680072bf1dd", "27330ce21b8a05c3cead898d0eb5d64da04dc9f5be62b103bb49d86e36780ac3", "36977b6b66c7a55af5d2588a530d73c3baf5cfb42ac762f372795ec5c7997b32", "6a2a0f08ed09dc002d31945eed99b238cc2e6f7a5fb0f280bb3f35aa454c8091", "816aaa2ccd88924157ddb646d55d125607920d715c48489057bedcef8d54f3d7"], "ip": "173[.]248[.]31[.]6"}, {"hashes": ["023d61e66aed8846590d7fd1e185d72864fccfcfc2540b259ad023c199b67173", "12ee667b11450888a07f348eb46fa075c0bef95c57654769301e9287a4aa20fa", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "81e7cb25a3b5b3c0e8a65296baf5c82a0bfad37fe99de7de46a9f8b2006dd650", "c1ee775bf8568e57c63ae072726abb395b52acfa703d757cb16f7ec2c291161f"], "ip": "67[.]222[.]201[.]61"}, {"hashes": ["13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37"], "ip": "72[.]174[.]240[.]148"}, {"hashes": ["17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "24045a5008a810e8742dc9501e957805b377fa538a591ecd56a837d8c9472430", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "451bafc169ebf19ca6e2af2c7bfc1b0b45e4e7cdd5dafcc94ff296e2d0d42f21", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a"], "ip": "209[.]40[.]238[.]170"}, {"hashes": ["17fbf17ee60022aacc492fdc406dd28bff8ac8a89614159bbca0c89acbbd9cd0", "24e23be0fa657b0cdce4e7ed04b5611c6bc5f17e65d998d1f55ef373beb71448", "2690f8084cb914b3ccd646754944816af50fedc12e392b5a3fbe0b498c0984fa", "3a1b977b2d9de5191a4b05da5e9092102288ce95ca95b704ab4a9b4f5b86a1fd", "3aa3070548258d40aef01659efa44e9cee74526d3f6ed22499524668689206f2", "d1e6c5ec2e925bc51def51977d2225b0b7748aed742c951007a083a11c279a5a"], "ip": "67[.]22[.]167[.]163"}, {"hashes": ["0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500"], "ip": "188[.]255[.]236[.]184"}, {"hashes": ["0cdf031f6415c1ab3e3c804a4af403b9b196906c77e1915b4cc82b3ed1638861", "1c6af8fab4c4ed60ddbe41d90a6dad4cf442d38bb59bb17884445a8479f7f7fc", "3b7ead8b3030eac419f842a35e4023131dcb398ee43e693d833b0bf363cbe3bf", "3e5b8e1bf0299481403cff9d5074ba7637c83ecbb33e333527c89d314d82af0e", "cf268dc73a5637d1e819f633fc624c0da618981b97b9cdf18ff6be1ad2244500"], "ip": "98[.]181[.]17[.]39"}, {"hashes": ["06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "20ce9b5962cb31299ca5ca06987eee42667a88a5dba2be9f3c8b4a419c29a832", "44df68af4ddc97002a37c15ecd745a13f7eb68369da75700342a7a68ab886b0b", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195"], "ip": "87[.]249[.]142[.]189"}, {"hashes": ["0c6f859f4bd0351d596342a635d6e28ca457da90aac6248b4a55770715adab54", "0cba2641937df34648711938c327a7565095891322b877ee46e94eb8f0207597", "1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "379bc10e9e144c7921a5c114ba0101229b437357e7d3c328415753fcd61bc5fd", "410ac8b759f06bc567be6837bef0daef084ef6809c42c7de840289916255d0ad"], "ip": "24[.]148[.]217[.]188"}, {"hashes": ["0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "03f1bd10d5036123120fe3fcc0c84ef26d4f6b9e9506b33b0851c78d2deb0f0d", "233d624f9f0c915edcf6e149a8ea10158ef09053debd0c5d037015249fa69a5a", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c"], "ip": "217[.]168[.]210[.]122"}, {"hashes": ["2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b"], "ip": "37[.]57[.]144[.]177"}, {"hashes": ["1fe1083bf610b8f8510b40d2fbdffdf9019aab383149e6dd1fc4d138c9607e0b", "2158fd4a92f3da932897f2a1bb158d72d7e1a507e8eff0fe0791bd7790bee93e", "268880ac05d3e4250759e5b3f124e44f0af58797343913c2451b18a094e9e3c9", "2d8776ab5efe4651f217f1e8eebf427d3f26889aa277e9cb5637a8544cac26be", "65cc91cd214c185c29c439cb5b3860eb35ff9ed8da68bda6de186eb62d9e3d3b"], "ip": "77[.]48[.]30[.]156"}, {"hashes": ["06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "13f610014a486c7e6585ffa2cda3d455bf59d36ed6eb144cbd0c9e7933acb927", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "5c795ee27fdd9f2a3043b087156152668d4fa17fd8a48e9474b3d21344bddc03", "621f34b8eddf6cde324808fee65b910add1cbab682693b52fcc48e5835de1c37"], "ip": "63[.]248[.]156[.]246"}, {"hashes": ["12679751aa2c8fbcbe32d17e9e3d61b8274514dc0866645096ab6c9b47975057", "276dcdd9fc34b659d54c63d68f6165557a479dd0973aa855035e8b121eab0b92", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "678cbad836277e1728260d053bccd672964eb80a7daee0a67f14b458fbaa2c1a", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f"], "ip": "208[.]117[.]68[.]78"}, {"hashes": ["0242d3e659006128358a7531dc5fdcb71561b2a82512ed21c6283731fc5a7716", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "84a69f431c6aa07d017e5931b5d12de0181ec117389aad48895b5bec606a716f", "a9acdfb1b29f7c77309214b64dc9185ad0239b7d1ae1cd38e10a56c14e299a6c"], "ip": "64[.]111[.]36[.]52"}, {"hashes": ["06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195"], "ip": "194[.]228[.]203[.]19"}, {"hashes": ["06df2ad130f7d346c1ad75b341dccf51640acd5aca5126f6476ffad517fbe3aa", "324a62f841f9939a46bcd3d7556571c9eaba96c7a6bdfb912013209731fe019e", "489f07e682bcac982408799a942422d975aa0f18488a2b87909f45c9964084b5", "dac17b50ed7189decd50b44c9a8de44895fe9f0331cf0c0c969f76f88b955195"], "ip": "95[.]143[.]141[.]50"}, {"hashes": ["11e1fa7640fb1705c67740344fe19de354efcb0c8e12ffae9dc76b77ff4bdcb0", "1ecfde875503fe97095ac04c2b25b09aa6b4fede2a793bdfc9712337f085a452", "73b9ac5b0c14e80cdc1d3e78f5d0357f7e6461627c614a53ee37b5c7a40754cd", "82c89003570cb441c1a6f1e57de9829ccdc444c4c7f9b4d4594c1e7cdbfa32f5"], "ip": "69[.]144[.]171[.]44"}, {"hashes": ["0000184c2bf83493ce58794679be94ee431ab23d45685b7dcfa64c35e2a1fcab", "41e3cca178d288689536b35f0646e70c0fada01c77d049cb27841d0e0010832d", "59ec75bed250c81abdc617799397bbabb4ca21ed334234c6537311ccf1d465e3", "d380aac38016516b97b5a9de7513242bea00001279ac53e65d72d61ad81ab0f8"], "ip": "94[.]154[.]107[.]172"}, {"hashes": ["24be4e6bd57805440f084f3ae547d95e4583ffd992cfaf7df9e6b6e56dfea6eb", "4f5b3a5d6b40bccc5a256dd4338e302cfd66a6b533f447657ba228f033994011", "5f5076c4efb3af4940a2b9c32cc007e4a20f52c76a4916ae12f8e6b119739173", "f08d115d2b0be6662d5fc3d97ce139c381f3e8a02e664c132bb29d73f9ed00b4"], "ip": "209[.]27[.]49[.]117"}, {"hashes": ["06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "4d2d014c29d674425b5f82e26bcd75fe90f9bc4d12c3d61feeaa305796e98b9a", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f"], "ip": "72[.]175[.]10[.]116"}, {"hashes": ["06075bf7b39f70f68a36f5ae808c4b70824559e60bd63b241bf7f838ebe67602", "47337c839ec88d1abc867fb1bd881d222390644a6a85bf800bf073b74eefce45", "e92d317cb8441d382cb331aec89972691878e2d2f5abd7cc62cd4c4ac7136d9f"], "ip": "73[.]142[.]130[.]81"}], "mutex": [], "registry": []}, "reports_count": 105}, "Win.Packed.Zusy-10003901-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-certificate", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1217", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "firefox-cookie-read", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "malware-generic-infostealer", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-game-information", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "network-snort-server", "hashes": ["76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "network-opendns-malicious", "hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c"], "mitre_attack_tags": []}, {"bi": "feed-public-ip-check-dns", "hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c"], "mitre_attack_tags": []}, {"bi": "network-dns-category-cnc", "hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c"], "mitre_attack_tags": ["TA0011"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe.\" When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c"], "iocs": {"domain": [{"hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d"], "host": "api[.]ip[.]sb"}, {"hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c"], "host": "guongelasenne[.]shop"}], "file": [{"hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8"], "path": "%LOCALAPPDATA%\\Yandex"}, {"hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8"], "path": "%LOCALAPPDATA%\\Yandex\\YaAddon"}], "ip": [{"hashes": ["6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c"], "ip": "45[.]15[.]157[.]147"}, {"hashes": ["29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d"], "ip": "45[.]15[.]157[.]131"}, {"hashes": ["4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84"], "ip": "45[.]15[.]156[.]170"}, {"hashes": ["6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d"], "ip": "172[.]67[.]75[.]172"}, {"hashes": ["2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923"], "ip": "176[.]123[.]9[.]142"}, {"hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f"], "ip": "104[.]26[.]13[.]31"}, {"hashes": ["936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d"], "ip": "94[.]142[.]138[.]4"}, {"hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f"], "ip": "5[.]154[.]181[.]54"}, {"hashes": ["6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c"], "ip": "5[.]154[.]181[.]39"}], "mutex": [{"hashes": ["1c71e9931848f48aad664d040cfc4aad4ba16bb51e025260402bfb7c48da384f", "29a5153d6f84d6f5c377b2c63e8e36f4df259de9f9ecbc4742e0b91f69927472", "2a988d986f530d6005bd904674c86f56ad319073f912c73c8a85eac9e6b83bd8", "4894acaf378a905a66f58363b62f6c15114105ad32eff416ca882eebbf5c4a6f", "4c8b74d8bda98ef787f8b00a4378fb7eda2562d3effce4dc49b68fc20d5cb9dc", "5291640da9164fa51f930cce3108dc619f0fba6bf362f4b2e4af4a05798f4136", "6b5f8229b2347cb6a106ad4a531400541265f1081eb9d3e396565f3712b95f41", "6d4819c3cd10adaced6a56b61be1798502f956fb72f6a12dfa3977caacc58c3c", "74d44b2efd64c3fe0d3efad1c6dcb1e4a6f33cc8ca9aab2c4d6e6a71f8530348", "74ed62fbb15df9fe0add0406f468763fa5eac405442a13e5760b08f4ffc27923", "7665128519d49eb1f5163d25cc4d7e714acc7e54fb9981a34bd072b326373d30", "76955cf8d50051264cf788f0ac30759a7b649f94cde8026bd0db04bc2cfdb1ba", "786b41d5cf21945a248441d5399e8f73e4942340ac830f689131a22e99f3830f", "8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100", "910022461f1df0c7b35f8989466e56ee45a00619970e8a1283ff8cc2f20d28e6", "936a8a99ea8442e2c99f59472b079b8d421400a847da07c9c862912a5462588d", "9dde8babb0deaefcbdb486b211cec17481c0c83b87d2fa525f97faa8be2c2b8b", "9f07595bd50329ee24499caaac018cd47de494dff4fb70db28eb3791fe027456", "b1780701caae81b5c1273e811a325fb0be44e8106eb4687d47d3e1bfe151ed2a", "be53c224313077b536f444663754ff2fa8e13e3ac34ec544cf63d627e8eee8ce", "ca2b4c008f9a7378c5f5cbb18034569e0c092f2aa267f3dc49e442637edca4f2", "dc7859f512d405c6e2fcdd13a876c5e7177fe8d63f9367ebf6c3bc7b920e2d11", "dcef4ecf58ba5e9383ed5466f2583b457de189b91302d7e36c3eb114052e678d", "e033d499892e6303ceeeefb7d54e35f263838e68dd75fd5d4f01a4c0b6fe7a84", "ed96b5ea4373e5b3569ebb2758bf02c2ec6507198ed650435af90199af25c4d8", "fcbbac640b7d363fd741bfd4c5a7d212c5a2782f758cf68c37d228563bcebd8c"], "name": "Global\\"}], "registry": []}, "reports_count": 26}, "Win.Ransomware.Ryuk-10003991-0": {"bis": [{"bi": "modified-executable", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-windows-task", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "cmd-exe-file-execution", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-vm", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "process-with-multiple-children", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-tls-callback", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "startup-folder-modification", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "windows-util-attrib-hide", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cmd-exe-substr", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "TA0002", "T1027", "T1059"]}, {"bi": "cmd-windows-env-vars-detected", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "TA0002", "T1027", "T1059"]}, {"bi": "file-attribute-modification", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "created-executable-sample-appdata", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": []}, {"bi": "modified-file-on-usb", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "document-decoy-dropped", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": []}, {"bi": "artifact-rss-feeds", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-notes", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "excessive-sample-duplication", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-encrypted-section", "hashes": ["5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-invalid-checksum", "hashes": ["5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf"], "mitre_attack_tags": ["TA0005", "T1036"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Ryuk is ransomware known for targeting large organizations and asking for rather large ransom payments to recover the encrypted files. The infection has been associated with emails that contain malicious attachments that first deliver Emotet, which is used to deliver modular payloads such as Ryuk. Ryuk encrypts a user's files using AES-256 + RSA2048 encryption algorithms.", "hashes": ["0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "8c983fc99712412b33c356e0fbba3e58ca1ca0501537ea11c81cba0198442abe", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6"], "iocs": {"domain": [], "file": [{"hashes": ["0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ryuk.exe"}, {"hashes": ["0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6"], "path": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ryuk.exe"}, {"hashes": ["0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6"], "path": "%ProgramData%\\ryuk.exe"}, {"hashes": ["0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6"], "path": "%System32%\\Tasks\\RYUK"}, {"hashes": ["0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6"], "path": "%System32%\\Tasks\\ryk"}], "ip": [], "mutex": [{"hashes": ["0d25bbbeb68847cab4f3805bb8028ca901aa569abb038660c5febfe2ba24ec09", "557013f396529759dfe68b14246f96d448623fbadc75052a7892a34c60a2758a", "5a0c6b1b2235159f7b144ad1aee1c084c7914b1e1f294c4cbad7a163df3081cf", "5b12f08466104a9318ceed9a4ff13f1c1fdbcf734e3b5533dd1e86dad213da1f", "5fce1d810a5e1c7536496c1b73eff77c9c3d92ac41f86959a1be5349663403ae", "750bbdf6d68ab7df6e55ea92090328af5d02d4a2c1158cee5ee7190f5c785c1e", "775745a0c067961761fa0fba5a2bef456413cd9096906d8772d4b9da6bf5e8b6", "be1b021843326399a29f22897b25162986389905d25102c47a7d7a5853cc315a", "c293249b528d552bbad69228ffb8b823163f35db8eb79498ab9307f490ea8cf6", "d1600035b5cead621bc33e7024a4bb9ecf6a9583f23aaabb98e393ccfbac9601", "da6b32948b1c01dbf1b5322199a935b8bbd8d6514ffc43ff5355f22eeed1f171", "ee864a8610aea416b02ae7959606775444af70f3e424315edf3463c87e66f4c3", "f534d1038be3bf9e0909d28ed1acb77825d1424b691a9259f4b7f605e105aaea", "fe4547b20cf40de0e33ed545949f3e0dfef815b5add252d233177386910643a6"], "name": "rykmutex"}], "registry": []}, "reports_count": 15}, "Win.Virus.Ramnit-10003937-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-armadillo", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "registry-disablesuac", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "TA0004", "T1548", "T1562"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "startup-folder-modification", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-firewall-exceptions-enabled", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-disable-windefender", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-ramnit-mutex", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "disables-windows-firewall", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "disables-security-center-notifications", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "registry-firewall-notifications-disabled", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "process-override-security-center-monitoring", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "network-opendns-malicious", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-dns-category-cnc", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0011"]}, {"bi": "possible-dga-communication", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-dns-safe-categories", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "malware-ramnit-snort", "hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "mitre_attack_tags": []}, {"bi": "process-with-multiple-children", "hashes": ["5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-resource-lang-chinese", "hashes": ["735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-russian", "hashes": ["f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58"], "mitre_attack_tags": []}], "category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Ramnit is a banking trojan that monitors web browser activity on an infected machine and collects login information from financial websites. It can steal browser cookies and attempts to hide from popular anti-virus software.", "hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "iocs": {"domain": [{"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "google[.]com"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "testetst[.]ru"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "mtsoexdphaqliva[.]com"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "uulwwmawqjujuuprpp[.]com"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "twuybywnrlqcf[.]com"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "wcqqjiixqutt[.]com"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "ubgjsqkad[.]com"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "iihsmkek[.]com"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "tlmmcvqvearpxq[.]com"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "flkheyxtcedehipox[.]com"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "edirhtuawurxlobk[.]com"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "host": "tfjcwlxcjoviuvtr[.]com"}], "file": [{"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "path": "%LOCALAPPDATA%\\bolpidti"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "path": "%LOCALAPPDATA%\\bolpidti\\judcsgdy.exe"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\judcsgdy.exe"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "path": "\\TEMP\\qMFJQ3E"}], "ip": [{"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "46[.]165[.]254[.]201"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "72[.]26[.]218[.]70"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "195[.]201[.]179[.]207"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "208[.]100[.]26[.]245"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "35[.]205[.]61[.]67"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "206[.]191[.]152[.]58"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "72[.]251[.]233[.]245"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "142[.]250[.]80[.]46"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "162[.]249[.]66[.]21"}, {"hashes": ["12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78"], "ip": "45[.]79[.]19[.]196"}, {"hashes": ["3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "198[.]58[.]118[.]167"}, {"hashes": ["0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef"], "ip": "96[.]126[.]123[.]244"}, {"hashes": ["802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0"], "ip": "45[.]33[.]23[.]183"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0"], "ip": "45[.]33[.]2[.]79"}, {"hashes": ["3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87"], "ip": "173[.]255[.]194[.]134"}, {"hashes": ["866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "ip": "45[.]33[.]20[.]235"}, {"hashes": ["5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59"], "ip": "72[.]14[.]185[.]43"}, {"hashes": ["5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4"], "ip": "45[.]33[.]30[.]197"}, {"hashes": ["3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4"], "ip": "72[.]14[.]178[.]174"}, {"hashes": ["d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0"], "ip": "45[.]56[.]79[.]23"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32"], "ip": "45[.]33[.]18[.]44"}], "mutex": [{"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "name": "{7930D12C-1D38-EB63-89CF-4C8161B79ED4}"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "name": "{79345B6A-421F-2958-EA08-07396ADB9E27}"}], "registry": [{"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusOverride"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusDisableNotify"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallDisableNotify"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallOverride"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesDisableNotify"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UacDisableNotify"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DoNotAllowExceptions"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DisableNotifications"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\EFS", "value_name": "Start"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION", "value_name": "jfghdug_ooetvtgk"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "JudCsgdy"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}, {"hashes": ["06148818f98f51bcd14a7b92ae2ed10d0bec53e3e3c3f61cd237e481f82c0d32", "0d0a7f29e2670fbe81142948619e4eeafbd7665640f72b7c7c65c7351d4f4018", "0db3b8a863fecf11852063a528c06760a6036bf0b59c3e7098e4d9663f6be9b7", "12010b190837f9a739023874b3050d5302256478b4a2b118ebe6b985a63a3d88", "3868284340c86e65f2123d8c28b12b8cc6bcf3d4ce78a7fe172066dd1aa54a86", "3a3af352a97262fbf28da273ab68b7ce8b20c6684c9af3366629d08306d89c33", "3aa9915ca67ab0a4e2f39abeea140aa6b572a56101401f77c2e71a176e8a343b", "5a3a5256f59dc95a179b57b2153814492fdfc3236ebe059497785d7d1bc7d5ef", "5d8da870059a98227317238c0d55fd72e56991df2e7d5000e4d1e8b928ac3d58", "62b22a8010083fb6892e76e975f65ee3dd19b814fe26388e11d3ae7d9464b6f4", "735e73cf6f2feb06e0ea685e3470cab216e5e716e055b06e1def285e6d6013c2", "802ac9bbe5a0aa104f81b94789bf45d1901ac9e9508239fb2497ba118553b9a7", "818d517ec1eaf19125c90a296cf03b5f24d7a4a0c09ac602f2057d02653b54d0", "866f4dc906a46ef7c7d66ba04f789ab73addd75f796acb2053ab26ad6808ca87", "a0e670deda039e728698d0bd77d675bb43b2ba59ad7072df420679702aad5b6f", "aabda214459610e3f99d7010fa6e1aa3c14b516d5931a247497e164061d4ea78", "ad141e9754ffc131fc78c926b5b939cb0c1da8a2fa7b5c186e3e7b948dfbad59", "d855760b6d0d9960c9926d4cc54b2db0812262041fc8c63bb164d75a99323fd0", "f67ea22f1630d61e9f77d154fbe98d67978d36b6e08ac8f898996bfc88334ee5"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}]}, "reports_count": 19}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-06-09T13:42:13+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Virus.Ramnit-10003937-0", "Win.Packed.Zusy-10003901-0", "Win.Malware.Zbot-10003849-0", "Win.Packed.Upatre-10003658-0", "Doc.Downloader.Valyria-10003621-0", "Win.Ransomware.Ryuk-10003991-0", "Win.Packed.LokiBot-10003974-0", "Win.Dropper.Nanocore-10003611-0", "Win.Dropper.Glupteba-10003588-0"]}