{"Win.Dropper.Tofsee-10008793-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["84e81e9664ffc778584fbd651a53a3aef26711a3c4dd2a573fae32be878f9366", "e927fd151315c9390936af55690f5d476e373ff61ff061b24597cffc3f118f01", "b275b321ed913cfe34adf9d7ae2dd4ada69dd10ec11781773c4b505e56f62bb6", "2f7fa2a61e045a13f998be5d5d55b8af50014588db55555252acbcd6edec8516", "d239a96a2b15b78ab70b93fd103c76293eb4490593992d6b35c1ae7d7956ae15", "fff95abee8aeffff4bda634857a079f0c537725a4d1ee77b8f64d52cff44600e", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "1367edc7f74e64673a5830587675e887e34a7700807ebb1c2371a3d24fc2addc", "84a27a78f530ce50649de7add12e861c8c6818828dd91e64902a97a937bce4ea", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "da0bd2568e010e954f29b03512d733e3f6756110fcef569c25f368442020a1ac", "bc483dbde3ef5f491f2c038214df13c647f35736c43fd617731dac507e62cd68", "a8dd148fa85d239fb47f6524a1706ae783a2a2e47448fdb1aa3be18315f36ce9", "f7cc06c095125901a06356eababa0371605f8d8371c7b904c472e38067831b90", "2a09c52ae8195a193d47ddd1100405179556ded2d99118284628bb382aa41b74", "e3c0bb8a0376793171773f5c272b9b09ca4489d197c104be767414238748eb0a", "08b22534479c02d68776f0b14885fd872bb4666359d37b56a6b1aedcc27797e6", "d3441f161efcc0c004c8e80dca94e94c6969a95a442dad688b48e1074b16ef09", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "78bdff74a9d805e9f9f579ce0de101bf2deb8f341ea1cf90315528a8abe30bf9", "c5712973eff5fedc221c4783a457e6ecf8a652cb8b213beecdc1e7439913bb86"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["84e81e9664ffc778584fbd651a53a3aef26711a3c4dd2a573fae32be878f9366", "e927fd151315c9390936af55690f5d476e373ff61ff061b24597cffc3f118f01", "b275b321ed913cfe34adf9d7ae2dd4ada69dd10ec11781773c4b505e56f62bb6", "2f7fa2a61e045a13f998be5d5d55b8af50014588db55555252acbcd6edec8516", "d239a96a2b15b78ab70b93fd103c76293eb4490593992d6b35c1ae7d7956ae15", 
"fff95abee8aeffff4bda634857a079f0c537725a4d1ee77b8f64d52cff44600e", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "1367edc7f74e64673a5830587675e887e34a7700807ebb1c2371a3d24fc2addc", "84a27a78f530ce50649de7add12e861c8c6818828dd91e64902a97a937bce4ea", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "da0bd2568e010e954f29b03512d733e3f6756110fcef569c25f368442020a1ac", "bc483dbde3ef5f491f2c038214df13c647f35736c43fd617731dac507e62cd68", "a8dd148fa85d239fb47f6524a1706ae783a2a2e47448fdb1aa3be18315f36ce9", "f7cc06c095125901a06356eababa0371605f8d8371c7b904c472e38067831b90", "2a09c52ae8195a193d47ddd1100405179556ded2d99118284628bb382aa41b74", "e3c0bb8a0376793171773f5c272b9b09ca4489d197c104be767414238748eb0a", "08b22534479c02d68776f0b14885fd872bb4666359d37b56a6b1aedcc27797e6", "d3441f161efcc0c004c8e80dca94e94c6969a95a442dad688b48e1074b16ef09", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "78bdff74a9d805e9f9f579ce0de101bf2deb8f341ea1cf90315528a8abe30bf9", "c5712973eff5fedc221c4783a457e6ecf8a652cb8b213beecdc1e7439913bb86"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["84e81e9664ffc778584fbd651a53a3aef26711a3c4dd2a573fae32be878f9366", "e927fd151315c9390936af55690f5d476e373ff61ff061b24597cffc3f118f01", "b275b321ed913cfe34adf9d7ae2dd4ada69dd10ec11781773c4b505e56f62bb6", "2f7fa2a61e045a13f998be5d5d55b8af50014588db55555252acbcd6edec8516", "d239a96a2b15b78ab70b93fd103c76293eb4490593992d6b35c1ae7d7956ae15", "fff95abee8aeffff4bda634857a079f0c537725a4d1ee77b8f64d52cff44600e", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "1367edc7f74e64673a5830587675e887e34a7700807ebb1c2371a3d24fc2addc", "84a27a78f530ce50649de7add12e861c8c6818828dd91e64902a97a937bce4ea", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "bc483dbde3ef5f491f2c038214df13c647f35736c43fd617731dac507e62cd68", 
"f7cc06c095125901a06356eababa0371605f8d8371c7b904c472e38067831b90", "2a09c52ae8195a193d47ddd1100405179556ded2d99118284628bb382aa41b74", "e3c0bb8a0376793171773f5c272b9b09ca4489d197c104be767414238748eb0a", "08b22534479c02d68776f0b14885fd872bb4666359d37b56a6b1aedcc27797e6"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["84e81e9664ffc778584fbd651a53a3aef26711a3c4dd2a573fae32be878f9366", "e927fd151315c9390936af55690f5d476e373ff61ff061b24597cffc3f118f01", "b275b321ed913cfe34adf9d7ae2dd4ada69dd10ec11781773c4b505e56f62bb6", "2f7fa2a61e045a13f998be5d5d55b8af50014588db55555252acbcd6edec8516", "fff95abee8aeffff4bda634857a079f0c537725a4d1ee77b8f64d52cff44600e", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "1367edc7f74e64673a5830587675e887e34a7700807ebb1c2371a3d24fc2addc", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "f7cc06c095125901a06356eababa0371605f8d8371c7b904c472e38067831b90", "e3c0bb8a0376793171773f5c272b9b09ca4489d197c104be767414238748eb0a", "08b22534479c02d68776f0b14885fd872bb4666359d37b56a6b1aedcc27797e6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["84e81e9664ffc778584fbd651a53a3aef26711a3c4dd2a573fae32be878f9366", "e927fd151315c9390936af55690f5d476e373ff61ff061b24597cffc3f118f01", "b275b321ed913cfe34adf9d7ae2dd4ada69dd10ec11781773c4b505e56f62bb6", "2f7fa2a61e045a13f998be5d5d55b8af50014588db55555252acbcd6edec8516", "fff95abee8aeffff4bda634857a079f0c537725a4d1ee77b8f64d52cff44600e", "1367edc7f74e64673a5830587675e887e34a7700807ebb1c2371a3d24fc2addc", "f7cc06c095125901a06356eababa0371605f8d8371c7b904c472e38067831b90", "e3c0bb8a0376793171773f5c272b9b09ca4489d197c104be767414238748eb0a", "08b22534479c02d68776f0b14885fd872bb4666359d37b56a6b1aedcc27797e6"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["84e81e9664ffc778584fbd651a53a3aef26711a3c4dd2a573fae32be878f9366", 
"e927fd151315c9390936af55690f5d476e373ff61ff061b24597cffc3f118f01", "b275b321ed913cfe34adf9d7ae2dd4ada69dd10ec11781773c4b505e56f62bb6", "2f7fa2a61e045a13f998be5d5d55b8af50014588db55555252acbcd6edec8516", "fff95abee8aeffff4bda634857a079f0c537725a4d1ee77b8f64d52cff44600e", "1367edc7f74e64673a5830587675e887e34a7700807ebb1c2371a3d24fc2addc", "f7cc06c095125901a06356eababa0371605f8d8371c7b904c472e38067831b90", "e3c0bb8a0376793171773f5c272b9b09ca4489d197c104be767414238748eb0a", "08b22534479c02d68776f0b14885fd872bb4666359d37b56a6b1aedcc27797e6"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["84e81e9664ffc778584fbd651a53a3aef26711a3c4dd2a573fae32be878f9366", "e927fd151315c9390936af55690f5d476e373ff61ff061b24597cffc3f118f01", "b275b321ed913cfe34adf9d7ae2dd4ada69dd10ec11781773c4b505e56f62bb6", "2f7fa2a61e045a13f998be5d5d55b8af50014588db55555252acbcd6edec8516", "fff95abee8aeffff4bda634857a079f0c537725a4d1ee77b8f64d52cff44600e", "1367edc7f74e64673a5830587675e887e34a7700807ebb1c2371a3d24fc2addc", "f7cc06c095125901a06356eababa0371605f8d8371c7b904c472e38067831b90", "e3c0bb8a0376793171773f5c272b9b09ca4489d197c104be767414238748eb0a", "08b22534479c02d68776f0b14885fd872bb4666359d37b56a6b1aedcc27797e6"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["84a27a78f530ce50649de7add12e861c8c6818828dd91e64902a97a937bce4ea", "da0bd2568e010e954f29b03512d733e3f6756110fcef569c25f368442020a1ac", "bc483dbde3ef5f491f2c038214df13c647f35736c43fd617731dac507e62cd68", "a8dd148fa85d239fb47f6524a1706ae783a2a2e47448fdb1aa3be18315f36ce9", "2a09c52ae8195a193d47ddd1100405179556ded2d99118284628bb382aa41b74", "d3441f161efcc0c004c8e80dca94e94c6969a95a442dad688b48e1074b16ef09", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "78bdff74a9d805e9f9f579ce0de101bf2deb8f341ea1cf90315528a8abe30bf9", "c5712973eff5fedc221c4783a457e6ecf8a652cb8b213beecdc1e7439913bb86"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": 
"sample-launched-copy-of-self", "hashes": ["84a27a78f530ce50649de7add12e861c8c6818828dd91e64902a97a937bce4ea", "da0bd2568e010e954f29b03512d733e3f6756110fcef569c25f368442020a1ac", "bc483dbde3ef5f491f2c038214df13c647f35736c43fd617731dac507e62cd68", "a8dd148fa85d239fb47f6524a1706ae783a2a2e47448fdb1aa3be18315f36ce9", "2a09c52ae8195a193d47ddd1100405179556ded2d99118284628bb382aa41b74", "d3441f161efcc0c004c8e80dca94e94c6969a95a442dad688b48e1074b16ef09", "78bdff74a9d805e9f9f579ce0de101bf2deb8f341ea1cf90315528a8abe30bf9", "c5712973eff5fedc221c4783a457e6ecf8a652cb8b213beecdc1e7439913bb86"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-hollowing-detected", "hashes": ["84a27a78f530ce50649de7add12e861c8c6818828dd91e64902a97a937bce4ea", "da0bd2568e010e954f29b03512d733e3f6756110fcef569c25f368442020a1ac", "bc483dbde3ef5f491f2c038214df13c647f35736c43fd617731dac507e62cd68", "a8dd148fa85d239fb47f6524a1706ae783a2a2e47448fdb1aa3be18315f36ce9", "2a09c52ae8195a193d47ddd1100405179556ded2d99118284628bb382aa41b74", "d3441f161efcc0c004c8e80dca94e94c6969a95a442dad688b48e1074b16ef09", "78bdff74a9d805e9f9f579ce0de101bf2deb8f341ea1cf90315528a8abe30bf9", "c5712973eff5fedc221c4783a457e6ecf8a652cb8b213beecdc1e7439913bb86"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["da0bd2568e010e954f29b03512d733e3f6756110fcef569c25f368442020a1ac", "a8dd148fa85d239fb47f6524a1706ae783a2a2e47448fdb1aa3be18315f36ce9", "d3441f161efcc0c004c8e80dca94e94c6969a95a442dad688b48e1074b16ef09", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "78bdff74a9d805e9f9f579ce0de101bf2deb8f341ea1cf90315528a8abe30bf9", "c5712973eff5fedc221c4783a457e6ecf8a652cb8b213beecdc1e7439913bb86"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", 
"250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "nginx-webserver-detected", "hashes": 
["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-communications-http-get", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": 
"dns-query-nxdomain", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-dns-category-file-storage", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": 
"deleted-submitted-file", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005"]}, {"bi": "listening-port-opened", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-large-data-entry", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], 
"mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "network-dns-category-cnc", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0011"]}, {"bi": "sc-service-start", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-generic", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "sc-service-create", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", 
"2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": 
"sc-service-create-execute", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "network-snort-server", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-http-non-standard-port", "hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0011", "T1571"]}, {"bi": "double-url-detected", "hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-http-numeric-ip", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "http-response-client-error", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": 
"network-dns-upload-file", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "mitre_attack_tags": []}, {"bi": "dns-punycode-domain-detected", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "mitre_attack_tags": ["TA0011", "TA0005", "T1132", "T1027"]}, {"bi": "network-snort-browser", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "mitre_attack_tags": []}, {"bi": "html-page-not-found", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "mitre_attack_tags": []}, {"bi": "html-malicious-page-not-found", "hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "mitre_attack_tags": []}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "http-response-redirect", "hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. 
Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["08b22534479c02d68776f0b14885fd872bb4666359d37b56a6b1aedcc27797e6", "1367edc7f74e64673a5830587675e887e34a7700807ebb1c2371a3d24fc2addc", "250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a09c52ae8195a193d47ddd1100405179556ded2d99118284628bb382aa41b74", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "2f7fa2a61e045a13f998be5d5d55b8af50014588db55555252acbcd6edec8516", "78bdff74a9d805e9f9f579ce0de101bf2deb8f341ea1cf90315528a8abe30bf9", "84a27a78f530ce50649de7add12e861c8c6818828dd91e64902a97a937bce4ea", "84e81e9664ffc778584fbd651a53a3aef26711a3c4dd2a573fae32be878f9366", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35", "a8dd148fa85d239fb47f6524a1706ae783a2a2e47448fdb1aa3be18315f36ce9", "b275b321ed913cfe34adf9d7ae2dd4ada69dd10ec11781773c4b505e56f62bb6", "bc483dbde3ef5f491f2c038214df13c647f35736c43fd617731dac507e62cd68", "c5712973eff5fedc221c4783a457e6ecf8a652cb8b213beecdc1e7439913bb86", "d239a96a2b15b78ab70b93fd103c76293eb4490593992d6b35c1ae7d7956ae15", "d3441f161efcc0c004c8e80dca94e94c6969a95a442dad688b48e1074b16ef09", "da0bd2568e010e954f29b03512d733e3f6756110fcef569c25f368442020a1ac", "e3c0bb8a0376793171773f5c272b9b09ca4489d197c104be767414238748eb0a", "e927fd151315c9390936af55690f5d476e373ff61ff061b24597cffc3f118f01", "f7cc06c095125901a06356eababa0371605f8d8371c7b904c472e38067831b90", "fff95abee8aeffff4bda634857a079f0c537725a4d1ee77b8f64d52cff44600e"], "iocs": {"domain": [{"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "249[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": 
["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "249[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "249[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "249[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "249[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "249[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "microsoft[.]com"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", 
"2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "www[.]google[.]com"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "www[.]evernote[.]com"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "steamcommunity[.]com"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "vanaheim[.]cn"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "i[.]instagram[.]com"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "host": "work[.]a-poster[.]info"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "t[.]me"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "ag-filmwissenschaft[.]de"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "escolanacionalbrasil[.]com[.]br"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "host": "smtp[.]mqmatt[.]demon[.]co[.]uk"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "goldorbit[.]co"}, {"hashes": 
["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "host": "wallet[.]moonstake[.]io"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "host": "droneattitude[.]fr"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "xn--bro-365-n2a[.]de"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "leakmaster[.]fr"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "host": "mx[.]mqmatt[.]demon[.]co[.]uk"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "tcmferramentas[.]com[.]br"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "host": "webmail[.]mqmatt[.]demon[.]co[.]uk"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "www[.]escolanacionalbrasil[.]com[.]br"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "www[.]leak-master[.]fr"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "host": "autoconfig[.]inti[.]pl"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "mdelights[.]online[.]co[.]tz"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "host": "smtp-auth[.]mqmatt[.]demon[.]co[.]uk"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "host": "autoconfig[.]aftermarket[.]pl"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "host": "mx1[.]mqmatt[.]demon[.]co[.]uk"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "smartvideoreview[.]com"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "host": "www[.]bartislaw[.]com"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": 
"clubcale[.]com"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "ad[.]naijabillsplug[.]com"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "www[.]radio-r[.]cz"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "check[.]harimaugayong[.]fr"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "test[.]zyya[.]co[.]uk"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "sepezv[.]com"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "omgyoga[.]pl"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "neotrackgps[.]com[.]mx"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "www[.]n[.]unregardvip[.]com"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "desherp[.]cakestorys[.]com"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "admin[.]apnagharana[.]com"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "gazaseg[.]com[.]br"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "cavalierpharmacare[.]com"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "bagouae[.]com"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "host": "bokser-klub[.]pl"}], "file": [{"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", 
"2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "path": "%SystemRoot%\\SysWOW64\\fprmiazv"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "path": "%SystemRoot%\\SysWOW64\\scezvnmi"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "path": "%TEMP%\\gaasvfjv.exe"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "path": "%TEMP%\\gnqlkeey.exe"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "path": "%TEMP%\\dkrujxqa.exe"}], "ip": [{"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "142[.]250[.]176[.]196"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "176[.]113[.]115[.]136"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "80[.]66[.]75[.]4"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "176[.]113[.]115[.]135"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", 
"8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "104[.]127[.]87[.]210"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "45[.]143[.]201[.]238"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "62[.]122[.]184[.]92"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "176[.]113[.]115[.]84/31"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "62[.]122[.]184[.]58"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "46[.]173[.]215[.]145"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "34[.]120[.]241[.]214"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "149[.]154[.]167[.]99"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "31[.]13[.]65[.]52"}, {"hashes": 
["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "ip": "37[.]1[.]217[.]172"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "142[.]250[.]65[.]163"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "ip": "52[.]101[.]40[.]29"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "93[.]115[.]25[.]13"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "93[.]115[.]25[.]10"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "93[.]115[.]25[.]73"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "93[.]115[.]25[.]110"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "66[.]254[.]114[.]62"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "ip": "142[.]250[.]179[.]164"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "ip": "104[.]26[.]0[.]70"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "ip": "20[.]70[.]246[.]20"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "20[.]112[.]250[.]133"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "ip": "20[.]76[.]201[.]171"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "198[.]54[.]115[.]155"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "ip": "172[.]67[.]36[.]42"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "ip": "108[.]138[.]106[.]122"}, {"hashes": 
["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "ip": "173[.]236[.]159[.]135"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "87[.]98[.]239[.]24"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "69[.]57[.]162[.]3"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "85[.]13[.]128[.]25"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "54[.]94[.]29[.]196"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "64[.]176[.]172[.]124"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "195[.]30[.]85[.]62"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "185[.]115[.]178[.]163"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "108[.]160[.]152[.]122"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "198[.]54[.]120[.]134"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "142[.]4[.]27[.]231"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "198[.]54[.]116[.]133"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "93[.]185[.]97[.]5"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "128[.]65[.]195[.]211"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "192[.]64[.]117[.]122"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "172[.]67[.]152[.]240"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "185[.]135[.]88[.]92"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "68[.]70[.]163[.]36"}, {"hashes": 
["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "185[.]221[.]181[.]20"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "170[.]10[.]160[.]25"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "ip": "54[.]39[.]130[.]193"}], "mutex": [{"hashes": ["08b22534479c02d68776f0b14885fd872bb4666359d37b56a6b1aedcc27797e6", "1367edc7f74e64673a5830587675e887e34a7700807ebb1c2371a3d24fc2addc", "2f7fa2a61e045a13f998be5d5d55b8af50014588db55555252acbcd6edec8516", "84e81e9664ffc778584fbd651a53a3aef26711a3c4dd2a573fae32be878f9366", "b275b321ed913cfe34adf9d7ae2dd4ada69dd10ec11781773c4b505e56f62bb6", "e3c0bb8a0376793171773f5c272b9b09ca4489d197c104be767414238748eb0a", "e927fd151315c9390936af55690f5d476e373ff61ff061b24597cffc3f118f01", "f7cc06c095125901a06356eababa0371605f8d8371c7b904c472e38067831b90", "fff95abee8aeffff4bda634857a079f0c537725a4d1ee77b8f64d52cff44600e"], "name": "Global\\"}], "registry": [{"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", "8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22", "2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6", 
"8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FPRMIAZV", "value_name": "Type"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FPRMIAZV", "value_name": "Start"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FPRMIAZV", "value_name": "ErrorControl"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FPRMIAZV", "value_name": "DisplayName"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FPRMIAZV", "value_name": "WOW64"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FPRMIAZV", "value_name": "ObjectName"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FPRMIAZV", "value_name": "Description"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\fprmiazv"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SCEZVNMI", "value_name": null}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SCEZVNMI", "value_name": "Type"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SCEZVNMI", "value_name": "Start"}, {"hashes": 
["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SCEZVNMI", "value_name": "ErrorControl"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SCEZVNMI", "value_name": "DisplayName"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SCEZVNMI", "value_name": "WOW64"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SCEZVNMI", "value_name": "ObjectName"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SCEZVNMI", "value_name": "Description"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\scezvnmi"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\HRTOKCBX", "value_name": null}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\HRTOKCBX", "value_name": "Type"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\HRTOKCBX", "value_name": "Start"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\HRTOKCBX", "value_name": "ErrorControl"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\HRTOKCBX", "value_name": "DisplayName"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\HRTOKCBX", "value_name": "WOW64"}, {"hashes": 
["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\HRTOKCBX", "value_name": "ObjectName"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\HRTOKCBX", "value_name": "Description"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\hrtokcbx"}, {"hashes": ["8f75785c6aa933e61a3aceb62a5b9dfe3d569c141aa0d168d0ad93c07bcd0c35"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FPRMIAZV", "value_name": "ImagePath"}, {"hashes": ["2a50355afa176ee2e9df2c239eb2a7031b4a674bcba68f14e594e8ae210999a6"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SCEZVNMI", "value_name": "ImagePath"}, {"hashes": ["250afa052b2263e2bebbe9f5e6a287ab5b7a0808ca4fa86088e8b2075164aa22"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\HRTOKCBX", "value_name": "ImagePath"}]}, "reports_count": 21}, "Win.Dropper.Zeus-10008893-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02", "dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", "299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", "47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", "5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", "bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2", "6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": 
"antivirus-service-flagged-artifact", "hashes": ["b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02", "dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", "299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", "47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", "5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", "bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2", "6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02", "dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", "299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", "47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", "5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", "bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2", "6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02", 
"dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", "299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", "47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", "5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", "bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2", "6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02", "dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", "299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", "47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", "5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", "bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2", "6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02", "dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", 
"299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", "47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", "5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", "bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2", "6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "pe-certificate", "hashes": ["b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02", "dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", "299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", "47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", "5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", "bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2", "6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02", "dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", "299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", "47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", 
"5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", "bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2", "6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02", "dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", "299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", "47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", "5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", "bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2", "6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02", "dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", "299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", "47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", "5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", 
"bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "feed-domain-rat", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": 
["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "files-deleted-used-batch", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-execution", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "unsigned-roaming-execution", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zeus is a trojan that steals information such as banking credentials using methods such as key-logging and form-grabbing.", "hashes": ["299b13d4abf4778c8aee767664199ae66ad8b5272b7d03154e0d67177d45f782", 
"47c4de16f346d43f1d01e891545099538d195fc92bb153bbbd19cf8c61c447f4", "5d70499ee878a0967ff397c09451afdd9f37b411532a1c1ee4f3069ea99058f2", "5db027d44698ce496cf23eb5dd9b227898edb7b54bd65528218e4795205a1c9c", "6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb", "6ec59e9586a5e1d8ded53176e8e324e2dbd0b24455e16cedf850d696c7b89fea", "b9e9380a9ce7ad925d002999811482323df4d8472d39426f67ef117800f83539", "bc7ccda17dc399f52e02c98009e0353835574e575c89247873f3cb99747b161f", "bed77c67f4d93e31843ba750f2c6774a9a10c2ae6a99019dc8a1a7140f68bd6f", "d48b70b404041e1e3a62d838e02c574b98d31d3fdb589f4bf9a2b470894a195b", "dfb679e2b49952f5dac9182daa68ea3121dd8afc582a0d7e620941c61a96b744", "dffff68e9e9b25c181829bd68f64c21d8679a21b2d00f7eaead8335e4b3f4f02"], "iocs": {"domain": [{"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "host": "sauti[.]com[.]ua"}], "file": [{"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "path": "%TEMP%\\tmp0aabb930.bat"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "path": "%APPDATA%\\Syefa"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "path": "%APPDATA%\\Syefa\\hapa.exe"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "path": "%APPDATA%\\Yqly"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "path": "%APPDATA%\\Yqly\\ixyc.nuk"}], "ip": [], "mutex": [{"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "name": "Local\\{959438EF-7AE7-D2CE-23BD-3CA69922D313}"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "name": "Local\\{959438EC-7AE4-D2CE-23BD-3CA69922D313}"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "name": "Local\\{BE325DDE-1FD6-F968-23BD-3CA69922D313}"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "name": 
"GLOBAL\\{}"}], "registry": [{"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "key": "\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PRIVACY", "value_name": "CleanCookies"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "key": "\\SOFTWARE\\MICROSOFT\\GOACAK", "value_name": null}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{738044C7-06CF-34DA-23BD-3CA69922D313}"}, {"hashes": ["6ae6bb2ba9196186c7014b5bfd97f0e2971e540a97fe680bec37274e879577fb"], "key": "\\SOFTWARE\\MICROSOFT\\GOACAK", "value_name": "Hosa"}]}, "reports_count": 12}, "Win.Malware.Generickdz-10009245-0": {"bis": [{"bi": "modified-executable", 
"hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", 
"1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", 
"c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", 
"14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", 
"177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", 
"0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", 
"72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", 
"052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", 
"58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", 
"1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", 
"12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "artifact-windows-task", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", 
"1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-dns-category-proxy", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", 
"1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", 
"2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", 
"58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", 
"1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "modified-file-in-program-dir", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", 
"1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", 
"2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", 
"58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-vm", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", 
"32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-tls-callback", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", 
"e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", 
"17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", 
"059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", 
"72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", 
"a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": 
["TA0007", "T1049"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", 
"05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-initialsp", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", 
"2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", 
"02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-header-timestamp-null", "hashes": 
["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", 
"1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-relocations", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", 
"c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", 
"07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "tor-process-execution-detected", "hashes": 
["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", 
"1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0011"]}, {"bi": "enumeration-wmic-computersystem", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", 
"c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "memory-execute-readwrite", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", 
"14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", 
"177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", 
"17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "This is a BobSoft Delphi application that wraps malware. 
The malware uses process-hollowing to hide from detection and achieves persistence across reboots by leveraging an autostart key in the Windows registry.", "hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "333c632ef21fc0fcea04331479a396e5e1a13b2ee9e8b618fe6d228a289400d3", 
"3bdec0d5cc7999453cc1604ab8c7c461476609ed1110f838ae7ca557acad3c9e", "3cdda1dc6b98abdbf63a3ca3ad536fec30198b19b1a5523d84695281ddf16009", "3ec2b9d2deed92fb7a0b02257564e194fa77dc89c235255e700a1ec25789d176", "3ff89ad1674f44bd616429c27c3cae7025a979691357f6618bb95493e398d20d", "4150a2b1bd5686e6f027727a346a2443faf2f3bbc29d8e00e9b8bda6e26d2b13", "41655b3022322f61da71e251f415e7934fc46cbf36535d593c0295afd499cbe4", "43017c4b299c5f764e4fc305cb543e126028c4f148c4cf93c4c5d9ad046bc97d", "444657ae49bb33729946476ac39f88c25b8eb92a45255c744ad317bfb2a5c4f0", "4719a03ba302576b6c790dfdfd78fb9189ecf6a1b7535fe7fa10c0b63e2f5f57", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "4a50b5460b48b14f9f9a38790b2a789cd64e1881ff214a3df9245ff4b28d20d4", "5366f349ebd3080b9ef0a69d054d4f7fba76447d6d207f7fae028920f1f467d2", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "5c0e514a6c9455e46f991266c9c36aaf50c45a503cb607dc923ff0cb288101ab", "5d159a1208a8f6bf386485639b4f604801ba43d7902ad92b91ed54fc2067e2ef", "6111ed486da00343bf70218fe0b33f7a30d552b6bfa9d42774a0da3b7e811b83", "69542512ad7fb60c77eb2a923105ac09a3cecca2cabcb63498a33d37a89f4db5", "6ddeb1bfc465d54b568a3747de44d40ee215e2199f9bac6304f752169fc7a645", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "75e657b79fb275ff52c05618078a1d40b42ca1dd5049629cf52f30fe672c8453", "7864798fac5db2e6cc7d239d5bfd33edfa5bc605a5d443aace5c66f9349d3caa", "7f70871d33963aa4d585324f510e9673fbc76644325439f0b364a7c7d25be5ef", "81e4d36c429e37d49be8dcbc1eca9692782e4f18edb9adbd9403b9bf3b943fa0", "8657e78096ef832e28c34095e04cfee393635e779ee7b9750a99f8415ff4e396", "876d1c27fea4968256eff8684c27a326adc4b8c9e18a0a8f89809f49214eade0", "87efc130df0089f8803587efc97070f3abe5a897cc291f1bbc590186b84d16f0", 
"8a834c7fc20857570dbf67d98df7f87075603da28fa702525cc8f3b28f7784f1", "8b79462f79a2bb90e191a035aa2edb73bfc3b3c142e20999bf78c5137d0e9b85", "8e7214893e05c884a44d5377c3f3cd809163fc1224c2e2ef8b297f3ec5a3c07d", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "94ca1e22bef565cdcc1d30b91b1cfccb4310cddac8b8c7ae6cadbabc549a5d4b", "973cfbbaf595b92b7475dd13b71b6f4c1f9db158e420ef3c461d463ccf3966e5", "973d598b8b794d92bed2d10eca38fbd29a6bccec658fe6623edc57713ecf877b", "9752b895add3b1da8190ad5db8a821c8e3ef6e468a871bb6268b4a2cfb969fcd", "981b25d028df9693d6bfdba93df83b8b2c3c6ae0682de8f1fb87472dfbff0b26", "9a0aeb99f6050327dfe49153033b7f7252497eb4b7321dd85e014d7ba325c961", "9d11bc6d11d54957401cbc521a1e1e49f9747c3d2c90cebab0b22e222cc01bd6", "9e0e771d319709cff101ad990d676a4171aaaf36d7be8905b171381a548902f4", "9f1d7863c2cc7fd6d4908acc31c188b929173737ccc720285ee88c757486a1ee", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "ab0000c63f43dccd4e52b12a9c193e707301cd5afb585e974a75e15ef180adcc", "ad5371d906bf42aae795da30eb0545b05946b96fdeead63d9028c102e56bfee6", "add1180bdf75368ebe1e55cdc0c1fe09fb9d37da73b5f432dd1b0a425729c60e", "b4123e678ac983c575f7011734c5748314af3675facefb3be77f1c89fcba9a21", "b6028edde85f329382d067ce04922619c5cfa9770e8ef68ec5b2356a38249141", "bad07f7e8a83ce23aab4fc770a141e6d075d915226ea4ec5d635b2b83ec95266", "be31929f0b0455cf861aa28c55c5b0a4906582b7449c8634f98299f58b27955c", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c18ada64c23266fe949a8a684f611ed09aeb22597e5cfac3c9ed47fc82bbb65e", "c4818b8d0fa820b9b7d081b6cd0e5fe929239017b778e8e79420037855d0a332", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "c831c2e04d398c4e6161b4b489b6ecd441e2a4ebde4299cfe84031eef098eb0b", "cbb8c07ccd88ab1e1c20914e3416f23e6f586555e8135ff7a67963f75934fdc8", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "d48fed61ec69a5414496eba4ee629d66a6ea1a6926faa57f17d3c7fa4c31e81c", 
"d92bc1738565d9ae3eac09c25b92920dd68e05774f6a9246787dc895a7fc6adc", "da3a5cebb6e43fdd77246b350ac6643215570046ac903ad0c51186f297ee5e6c", "df668236c2de5def2a336bcca4337b263de636d2a723473ce0c48eb198893032", "df9678e7e34793248cfa0cc6b52b53d2b8c3124c382140baae8d8f1666bc377c", "df9b5b0dd94e3639c1ae012fc7627fccc8c4ca3c390f068feafea0675342c2b5", "e07f70ba386585011276467dc04ed8dee5dfc6e7b624e0d4b46e5a0e514d2c20", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937", "e7f08238a3e7845ce7d1ed3876b977f1a9ae7a493b0933d559694d14e1996700", "ea1ee226f40dc24f9d1620f5349839556dac323c765487c4b9144954244123a9", "ead5b0a7e7e53ef2144b3681d6837cb390c4088b53d6ca6cb8411bc576633fc2", "eda6f22740b226468a0722e323acb80eb97f0829b821aac78b4a3ba49d94f3ed", "f33b90be41afaa33ad7dce0352c58648c1813f4a52f6de4add7dee7dd6bebd96", "faf420c9103d7872bd29afd872683b5e0657fc94ec0aba474eb4990fba0a3d3f"], "iocs": {"domain": [{"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", 
"1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "host": "dist[.]torproject[.]org"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", 
"07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", 
"ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "host": "apps[.]identrust[.]com"}], "file": [{"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", 
"55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%APPDATA%\\tor"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", 
"17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%APPDATA%\\tor\\lock"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", 
"0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": 
"%APPDATA%\\tor\\state.tmp"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", 
"58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%APPDATA%\\tor\\keys"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", 
"1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", 
"0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\LXofuCuCRybdyb"}, {"hashes": 
["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", 
"72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\data"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", 
"1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\data\\geoip"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", 
"0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\data\\geoip6"}, {"hashes": 
["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", 
"72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\tor"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", 
"1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\tor\\pluggable_transports"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", 
"0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\tor\\pluggable_transports\\lyrebird.exe"}, {"hashes": 
["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", 
"72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\tor\\tor.exe"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", 
"1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\authorized_clients"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", 
"0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\hostname.tmp"}, 
{"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", 
"72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\hs_ed25519_public_key.tmp"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", 
"1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\LXofuCuCRy\\hs_ed25519_secret_key.tmp"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", 
"0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA"}, {"hashes": 
["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", 
"72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%ProgramFiles%\\MicrosoftEdgeUpdateTaskMachinUA\\MicrosoftEdgeUpdateTaskMachinUA.exe"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", 
"1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%TEMP%\\rICllE"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", 
"0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%CommonProgramFiles%\\SSL\\openssl.cnf"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", 
"0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", 
"be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "path": "%System32%\\Tasks\\MicrosoftEdgeUpdateTaskMachinUA"}], "ip": [{"hashes": ["03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798"], "ip": "23[.]221[.]227[.]169"}, {"hashes": ["03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306"], "ip": "204[.]8[.]99[.]144"}, 
{"hashes": ["052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "ip": "116[.]202[.]120[.]165"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb"], "ip": "23[.]221[.]227[.]172"}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", 
"9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93"], "ip": "116[.]202[.]120[.]166"}, {"hashes": ["059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5"], "ip": "204[.]8[.]99[.]146"}, {"hashes": ["58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47"], "ip": "23[.]12[.]144[.]141"}, {"hashes": ["1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a"], "ip": "23[.]207[.]202[.]25"}, {"hashes": ["72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3"], "ip": "23[.]207[.]202[.]50"}, {"hashes": ["58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "ip": "23[.]207[.]202[.]61"}, {"hashes": ["55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93"], "ip": "23[.]12[.]144[.]134"}, {"hashes": ["2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d"], "ip": "23[.]207[.]202[.]8"}], "mutex": [], "registry": [{"hashes": 
["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", "1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", 
"72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "key": "\\SOFTWARE\\MICROSOFT\\CITYDAYMUXBDTZQMCTPQF", "value_name": null}, {"hashes": ["02769490efc0cb7b5ed1a83b9aa02238f17aef0760b3325cec45ae78e419d15a", "03808a21b1a8a83063c624cb0e633e77c9093bd9faecb8a8fa2129b936e89632", "0523dee85aa0cc35c43c3f8ad796d58ff0d3e9414015b2caa4c4c95568e824ea", "052df1d155296a89e866fab15d4473f7307eb918ff50f14ccbc91f9d6e6d10af", "059fe29a97f02fa143dfd4a5762acc418dc6a5b2981e1f683b6e6da2cf9705ba", "05de62f6b0c8ad346af017806e7834041cc7ff8cbf9fdcb362fcfad29fd4ae03", "07cc8f8907868d7ee923cc5cee7c9e79f724c74729e6014a7ff40a6835b2d946", "095e3a58f05b29cbc0b2202547c8e828247f16066f26f9d76e685dba3c686b56", "0979a6857b1b9965e0fd83de30d869b72518a7edb14fb78f0b7f1e7e4acbee08", "0a94afef69eeebc8954fbc92872fcbfe7b76bbf2398f3ec0452bf6a09c4edaff", "0cfa38e42e694e57f68fc80ed40b834daccb94d1f2cd5ddaaee2ba799eee9585", "12df71269d1963f3859c77f9844a6605be71e1900ed49e53c94838c1e6a47154", "1346bd898581af58abc6e0995420b45202e27f4cdb19b95ed7c8a2482054a312", "14e135d2c7a891ddc08e35da42a25cda594466f4fe8526bdadebc3d6a41ec3c3", "153586b588209aaa5c2bdee017ce70c94a42da0264e03eb5d035b59992f80ca3", "1568f660187f7259d92797e7d4025395b50d32a6471b4f4a540a323831f978c0", "177f19e6a5142a3465e349df54172d7601829cd42b8402e22b80a83c82f20af4", "17abbb02b397162183ef69e19f8195e8b81652473767c4c459839a70068719db", "1c8be8d6f7a92b9d14dffcf065355cb4ac65b2964b8fcafdab34ce049fa7ab0c", "1ee6e62bde271ba12b8d045f6e7f2f6603d58559646567537e4dd04a8739bed1", 
"1fae9a748f566849e7cab3ae10cbcca39fe3d3a725e08383541931e37c05e1ab", "2111d666ae58c22d079607327c56931f0fd157aa27429bda9e2d4a385d33876d", "22576786f9126b34ae165bef359ddab889830c11cb2269c322115c29660917ea", "2dc3bf58513518e673ffffb0973a195ca97b2536380302cc676fe6e26d3390fb", "32154e45815bbc8037a6dcc6284d01df82ac1f78298a6b7bbeead166bdbf9798", "48e66b7167a75200499bd86b04746247ad26940c79f842167719fcf602809ae1", "55ef2acdf7825b1759329e33cff9f079cc4c0fb7def918baefddad5b107f9cc3", "58656e2fccbdb29880fa0e63fe935eb12cb9773b84690b514bdeea4a30826e84", "58e9f307f7d3d334b5ddff92b95779bf6fb364f5f641d2d6108072133d105bfc", "72409754da72dd939d5c6613d77c0c03778bb82fc943681c4f84f0f5e54ed16a", "72a4a4e6787c6d7926743128425fdd3936e677e9506eb0995257c82c01d0dfc5", "9303bfd080508a962980d6cd668321b090e5cb7c336d557ce47c60e5485f560b", "a2d00fb12316e80d21082476e5e05b08bc2fb30489d9db8e7ef7c6f9dc66c306", "be7e5d7691304072cb7640c74182d8fecbd96f93d1f93c58734cfd1924c11fb3", "c729637cac37b2c847c362ffe9936639082424a58bc44c9bbf4b81f66758eb93", "ce1d4121f737767a151f35571d1571c17ac74f118c4c495d3e4336fddeee2d47", "e22728ef65e2798b0723bf2971ecbac5f63863d5d8bcd54e8b64730f328b1937"], "key": "\\SOFTWARE\\MICROSOFT\\CITYDAYMUXBDTZQMCTPQF", "value_name": "fQptCmQZtDBxUm"}]}, "reports_count": 37}, "Win.Packed.Zusy-10008867-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "845f60706e697966f4812673a45f102db1d7f6c3c16ffaf57ca473ebcc30e855", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", 
"8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "0900e88d7d4150623fa82b4d24ab4ff6d5a8951487c29238366c6bd881927b8e", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "d92eecac9866dd9f42f2f8850c445997b16aae7db08ddcf6f078e13fa1c4c549", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "845f60706e697966f4812673a45f102db1d7f6c3c16ffaf57ca473ebcc30e855", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", 
"0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "0900e88d7d4150623fa82b4d24ab4ff6d5a8951487c29238366c6bd881927b8e", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "d92eecac9866dd9f42f2f8850c445997b16aae7db08ddcf6f078e13fa1c4c549", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "845f60706e697966f4812673a45f102db1d7f6c3c16ffaf57ca473ebcc30e855", 
"b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "0900e88d7d4150623fa82b4d24ab4ff6d5a8951487c29238366c6bd881927b8e", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "d92eecac9866dd9f42f2f8850c445997b16aae7db08ddcf6f078e13fa1c4c549", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "enumeration-browser-information", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", 
"b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "firefox-cookie-read", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", 
"faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "malware-generic-infostealer", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", 
"1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-game-information", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", 
"ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "network-snort-malware", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", 
"0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": []}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", 
"b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "process-long-cmdline", "hashes": ["b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-communications-http-get", "hashes": ["b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", 
"880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": 
["1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "excessive-tcp-connections", "hashes": ["0900e88d7d4150623fa82b4d24ab4ff6d5a8951487c29238366c6bd881927b8e", "d92eecac9866dd9f42f2f8850c445997b16aae7db08ddcf6f078e13fa1c4c549"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44"], "mitre_attack_tags": []}, {"bi": "network-snort-browser", "hashes": ["cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44"], "mitre_attack_tags": ["TA0011", "T1102"]}], "category": 
"Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe\". When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "0900e88d7d4150623fa82b4d24ab4ff6d5a8951487c29238366c6bd881927b8e", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "845f60706e697966f4812673a45f102db1d7f6c3c16ffaf57ca473ebcc30e855", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", 
"cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "d92eecac9866dd9f42f2f8850c445997b16aae7db08ddcf6f078e13fa1c4c549", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "fdf64f0c4d2c3716aba956b74e28a014a916029160b572a898acdfed9d352807", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24"], "iocs": {"domain": [{"hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "host": "go[.]microsoft[.]com"}, {"hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "host": "www[.]bing[.]com"}, {"hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", 
"70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "host": "cacerts[.]digicert[.]com"}, {"hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "host": "learn[.]microsoft[.]com"}, {"hashes": ["1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24"], "host": "api[.]ip[.]sb"}, {"hashes": ["cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44"], "host": "pastebin[.]com"}, {"hashes": ["cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44"], "host": "dob[.]boggy[.]top"}], "file": [{"hashes": ["1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", 
"b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24"], "path": "%LOCALAPPDATA%\\SystemCache"}, {"hashes": ["25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df"], "path": "%LOCALAPPDATA%\\ElevatedDiagnostics"}, {"hashes": ["25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df"], "path": "%LOCALAPPDATA%\\ElevatedDiagnostics\\Reports"}, {"hashes": ["cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44"], "path": "\\x5c\\x55\\x73\\x65\\x72\\x73\\x5c\\x41\\x64\\x6d\\x69\\x6e\\x69\\x73\\x74\\x72\\x61\\x74\\x6f\\x72\\x5c\\x41\\x70\\x70\\x44\\x61\\x74\\x61\\x5c\\x4c\\x6f\\x63\\x61\\x6c\\x5c\\x4d\\x69\\x63\\x72\\x6f\\x73\\x6f\\x66\\x74\\x5c\\x57\\x69\\x6e\\x64\\x43e\\x77\\x73"}], "ip": [{"hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", 
"90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "ip": "192[.]229[.]211[.]108"}, {"hashes": ["0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["25d4e6d9964c37115bc7210fec766438fb6380f314e7466405da59cefeb047ce", "7e8b3ca776836d299d6d906a9fc0e2ecb4471441be88cb6a0ad0f7eaaf483dd6", "8cc83360e1e67b5d073dc82fd4b4ef08d2fc6f2fa222110ff3bbe2bac80c8381", "ce59592235d7804211f5faf26152cb19bd7934a0dafe2cbdf0ba9d4102f5870a", "d6cc7d0c6a10eedc5f21492af7d85c1b6313dc1f7020059179108cff938f4af4", "eca2a6a27e1c2cf9706356916b623395f1fc72b21146c59972641d87f1d550df"], "ip": "5[.]42[.]65[.]101"}, {"hashes": ["1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405", "b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24"], "ip": "94[.]142[.]138[.]4"}, {"hashes": ["23ade5f024786791ff66513652970a54c43ea4a7be24a638cba66691c8cb71ee", "3e4d1ba7a3b90eb25289789f3be0e147d1c76b1566f3a0d02f84705a5b5468bc", "4b2a69fe45e67b60fd162e588d09cf12a4958593a47ab03dca6279ccde674b21", "b691cd89916ca4986ed42aa690138ff98a47300942b19720e7906418a2c22a3a"], "ip": "91[.]103[.]252[.]48"}, {"hashes": ["0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", 
"90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "ip": "23[.]66[.]172[.]122"}, {"hashes": ["0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "ip": "23[.]33[.]182[.]75"}, {"hashes": ["b0431ddbf3ba31cfb4313e9ce7de5189c8eacd9069e25691f5769ccd6edb23b6", "faebfdfaec4f47dca794259e30e7379651d630f75a08a1ced2d731bfbb0748d3", "fe03ab341e8e53963346d4ac39790b74ec308d1570495f65b0b7fac47433da24"], "ip": "172[.]67[.]75[.]172"}, {"hashes": ["0900e88d7d4150623fa82b4d24ab4ff6d5a8951487c29238366c6bd881927b8e", "84dbe000b9f0052541eed920de12d1d342cfa44662eda0f64684907d9b931ce6", "d92eecac9866dd9f42f2f8850c445997b16aae7db08ddcf6f078e13fa1c4c549"], "ip": "176[.]123[.]9[.]142"}, {"hashes": ["880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b"], "ip": "23[.]49[.]102[.]168"}, {"hashes": ["c1dfa3ab3ad30bea5ec4e3291f5000889bb69f1ed27cea11a212f768bf8e750b"], "ip": "104[.]26[.]13[.]31"}, {"hashes": ["1a6e21b399560930b061631c4ff475ee8408d28bbd4e385f23e6398ec96ef405"], "ip": "104[.]26[.]12[.]31"}, {"hashes": ["cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44"], "ip": "172[.]67[.]34[.]170"}, {"hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1"], "ip": "23[.]5[.]148[.]218"}, {"hashes": ["70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e"], "ip": "23[.]7[.]109[.]223"}, {"hashes": ["e5c0cb54eabcb880741d21716d10b0f021e0942baa556ec483c6a12e5b9c1161"], "ip": "194[.]169[.]175[.]232"}, {"hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1"], "ip": "104[.]87[.]86[.]90"}, 
{"hashes": ["af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b"], "ip": "23[.]200[.]226[.]142"}, {"hashes": ["70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e"], "ip": "23[.]220[.]114[.]168"}, {"hashes": ["845f60706e697966f4812673a45f102db1d7f6c3c16ffaf57ca473ebcc30e855"], "ip": "95[.]214[.]24[.]103"}, {"hashes": ["cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44"], "ip": "65[.]109[.]240[.]180"}, {"hashes": ["880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28"], "ip": "23[.]214[.]126[.]151"}], "mutex": [], "registry": [{"hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "key": "\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES\\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}", "value_name": "FaviconPath"}, {"hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "key": "\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES\\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}", "value_name": "Deleted"}, {"hashes": 
["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "key": "\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES", "value_name": "DefaultScope"}, {"hashes": ["0428e12f7bace624928c34073f5312473bf71c82de6a2f253306def471a4adf1", "0e8b8b16107a20aad175f56412f5d6620d2c1a807d86a452082cdd3f6dbb8011", "70d1f6b40bc0008f5d818d3ab52bf91510298e84c09e806b1e37a128bc702a8e", "880593452289c2ecbe0ea3e2896b7da917b52e0e152da71f92acea768ce9ba28", "90f286fd48d1d6d5a5377a3b3d2f79f13db0368c7001a4c43ec92aa34ffd850a", "af6db888f95d5021a2c5ea9d41ebc43ef2b77ad1163822a456d67e6ce78c4b3b", "b509ab0ecf5e7b08f5b5b5726f0ea7030fa3470d4b6e484ba397067f403a83ec", "d4665f9b5fc920f707f412bd41c99d1ae5b91b70e68d26c65acb976025586f91"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXT\\STATS\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}", "value_name": null}, {"hashes": ["cfc1f7b4d3b617aac9c76c038a51d87b78745a5d54d8daf05c43c2ebbdf81c44"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\ASP.NET_4.0.30319\\NAMES", "value_name": "1ZMejMG5DSKz4xyByFqV1GRMlS8HZQ6Yn1KIiSgrJp9d0orZV6hiWgaq32NtiiZG5uFkfMsmAD26oLZAmfrIDz3o8KCTgcuPBQ7GdIftHeaRqLswFjiJgA"}]}, "reports_count": 29}, "Win.Trojan.Fareit-10009186-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", 
"2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", 
"451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", 
"b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", 
"81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "dns-query-nxdomain", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": 
["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", 
"81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "cmd-exe-file-execution", "hashes": ["ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "netbios-query", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "deleted-submitted-file", "hashes": ["ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", 
"b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "feed-domain-rat", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", 
"5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": []}, {"bi": "enumeration-email-program-information", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "modified-file-in-user-dir", "hashes": ["ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-protocol", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", 
"4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", 
"4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "artifact-windows-task", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-fareit-file-activity", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": []}, {"bi": 
"registry-login-info-modified", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "modified-file-in-system-dir", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": []}, {"bi": "process-ping", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": 
"task-ran-using-system-account", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0005"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "windows-util-at", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0002", 
"TA0003", "TA0004", "T1053"]}, {"bi": "registry-service-schedule-and-task-path", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "registry-modified-dns-server", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0005", "TA0040", "T1056", "T1112", "T1565"]}, {"bi": "wmic-nicconfig-dns-searchorder", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0002", "T1047"]}, {"bi": "registry-created-user", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", 
"928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-generic-infostealer", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "process-with-multiple-children", "hashes": ["c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", 
"2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "deleted-executable-in-system-dir", "hashes": ["cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543"], "mitre_attack_tags": []}, {"bi": "files-created-batch", "hashes": ["ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-autorun-key-modified", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-resource-lang-russian", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", 
"e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9"], "mitre_attack_tags": []}, {"bi": "process-explorer-suspicious-launch", "hashes": ["e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "listening-port-opened", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", 
"T1112", "T1547"]}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "feed-domain-banking", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-batch", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "unsigned-roaming-execution", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], 
"mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "pe-dos-header-initialsp", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-pending-delete", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "malware-zeus-variant-av", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "pe-header-writable", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], 
"mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-zeus-variant-detected", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "artifact-multiple-extensions", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "eml-same-sender-recipient", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "outlook-express-com-server", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0009", "TA0003", "TA0004", "T1114", "T1546"]}, {"bi": "eml-link", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "eml-mismatched-name-to-header", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "email-same-sender-receiver-domain", "hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "mitre_attack_tags": []}, {"bi": "winlogon-notification-package-registration", "hashes": ["149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "mitre_attack_tags": ["TA0003"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "mitre_attack_tags": []}, {"bi": "registry-shell-default-file-handler-created", "hashes": 
["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}, {"bi": "file-handler-registration", "hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "mitre_attack_tags": ["TA0003", "TA0004", "T1546"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "The Fareit trojan is primarily an information stealer with functionality to download and install other malware.", "hashes": ["149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327", 
"e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e"], "iocs": {"domain": [{"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "host": "volwsak[.]pw"}, {"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "host": "volekas[.]pw"}, {"hashes": ["2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e"], "host": "discover-lang[.]com"}, {"hashes": ["2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e"], "host": "net-forwarding[.]com"}, {"hashes": 
["b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058"], "host": "t14qb[.]mrbasic[.]com"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "tkpt[.]fvgd[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "vbqq[.]fvgd[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "ztnf[.]axvf[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "aaej[.]axvf[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "bhtd[.]fvgd[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "bkzb[.]ethv[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "fmwz[.]fvgd[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "mtid[.]ethv[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "tycy[.]axvf[.]biz"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "host": "frgodogcat[.]com"}, {"hashes": ["149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4"], "host": "ns9[.]ildepizza[.]com"}, {"hashes": ["de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9"], "host": "u8x26[.]mrbasic[.]com"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "fmwz[.]axvf[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "xdfv[.]fvgd[.]biz"}, {"hashes": 
["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "tycy[.]ethv[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "xdfv[.]ethv[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "bkzb[.]fvgd[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "vbqq[.]ethv[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "hrvv[.]ethv[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "vyic[.]axvf[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "lvtg[.]axvf[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "ynhz[.]axvf[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "ctvr[.]axvf[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "vbqq[.]axvf[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "bwcw[.]ethv[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "tycy[.]fvgd[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "mtid[.]fvgd[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "ynhz[.]ethv[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "ywgd[.]fvgd[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "xdfv[.]axvf[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "texd[.]axvf[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "owks[.]axvf[.]biz"}, {"hashes": 
["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "yixj[.]fvgd[.]biz"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "host": "kipz[.]ethv[.]biz"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "host": "ctvr[.]ethv[.]biz"}], "file": [{"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "path": "%System32%\\Tasks\\At1"}, {"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "path": "%SystemRoot%\\Tasks\\At1.job"}, {"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "path": "%SystemRoot%\\calc2.exe"}, {"hashes": ["b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058"], "path": "%TEMP%\\st1m.bat"}, {"hashes": 
["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%APPDATA%\\Ymak"}, {"hashes": ["149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4"], "path": "%LOCALAPPDATA%\\hjakeri.dll"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%TEMP%\\FB_20CD.tmp"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%TEMP%\\FB_20CD.tmp.exe"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%TEMP%\\FB_257F.tmp"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%TEMP%\\FB_257F.tmp.exe"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%TEMP%\\tmpc254a5e1.bat"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%APPDATA%\\Uzyz"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%APPDATA%\\Uzyz\\ebesa.fye"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%APPDATA%\\Ymak\\udvyn.exe"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%APPDATA%\\Yqociv"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "path": "%APPDATA%\\Yqociv\\qivu.zys"}], "ip": [{"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "ip": "212[.]47[.]210[.]141"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "ip": "85[.]234[.]129[.]33"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "ip": "62[.]212[.]132[.]148"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "ip": "77[.]72[.]24[.]240"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "ip": 
"81[.]169[.]154[.]37"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "ip": "83[.]142[.]191[.]37"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "ip": "178[.]32[.]62[.]1"}, {"hashes": ["e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "ip": "81[.]169[.]187[.]148"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5"], "ip": "87[.]106[.]69[.]18"}], "mutex": [{"hashes": ["149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "81bd4325fc6e369edbf665bab10cf79f867bb77f29f7215a54de9812d8af8ae4", "8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "de16d96171677328d47f8cd7854ff942a326bd3d7e0fc2a9e3444c00b34be4c9", "e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e", "e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "ec239276079bb23a5240f77ce4e47aafef0bb3159b1c8c0073734d927e1ad058", 
"f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e"], "name": "85485515"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "name": "Global\\MD7H82HHF7EH2D73"}, {"hashes": ["149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4"], "name": "SQCIK-B9ZAV-QTJCA"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "name": "GLOBAL\\{}"}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "name": "Global\\dc1806a1-5c3b-11ee-9660-00151739c869"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "name": "Local\\{}"}], "registry": [{"hashes": ["149f0a5c052fcefa44483d4eb092e67733d5b057c2f4cee43c0d9f67ef44dcf4", "2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6", "4924cfc70db2c78aaad359f0725bbfcfa513d505393b89ce09722e62c3211270", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "69482dfbb7157670fc5bc48dbef2203d056ec6a43dcb10cc8e9941cfec9615c7", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "8225702ed0e77339a45faf1e3f239ed93076ffe5ae01940f92f3a385133f141a", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "b689e59a9c4e500548d09999d9561ecc71e5c719ba84709434eb830d8212d3f9", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67", "de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327", "e76fb7c6053a4de38f4cc4c3f27d9d7a1754ddcb8376c5ae168271aa0f8ef59f", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e"], "key": 
"\\SOFTWARE\\LOCAL APPWIZARD-GENERATED APPLICATIONS", "value_name": null}, {"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SCHEDULE", "value_name": "NextAtJobId"}, {"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "key": "\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "key": 
"\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}, {"hashes": ["2da828b54cc7c85fa25182d55f2ef7690710d8ad22a5df23179dc505d35ac443", "4a89ae1b868933f4067bfdc29ecca224bb94916f1d155c51f3d3f9861db3c5e9", "5ab3200ac96674cdec552e30e0b1c20efe6531621219605860393914e0826a48", "7ab0b5bbf4e2347d5eaaf6cf275f4e814bafc3d4d98da746182183c7f283838c", "928aa0d0d3d37622d96a5c5357f4430e0e484e525ef756372249fbe217ed5543", "cebc360fec7b2e32daea22ed2c8bb052c13595f6b647751e209984ed47e06d67"], "key": "\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e"], "key": "\\SOFTWARE\\WOW6432NODE\\PWRKXXZKWU", "value_name": null}, {"hashes": ["2aa5de88c3038847567d72f08146137a1a3253af5fd7092acb66a0f7531b8b95", "38bc47e511476df9f34594d08aad84c0ed42de23ef54dc07b6b0b2095562e15a", "be079a5ac45f04bbde4a697842c14955e58fe4e554c0c88df7ee135e5190ce38", "c9c6ee55e3ed58e2c8ff1b471bd907e3d39cd1d0fb576ff5e61095fc2b820017", "f7fb0f7e722e5bd82c5d399aefe6fa472ddf1884906bf21a94d5f15c460cc86e"], "key": "\\SOFTWARE\\PWRKXXZKWU", "value_name": null}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", 
"e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "key": "\\SOFTWARE\\NVIDIA CORPORATION", "value_name": null}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "key": "\\SOFTWARE\\NVIDIA CORPORATION\\GLOBAL", "value_name": null}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "key": "\\SOFTWARE\\NVIDIA CORPORATION\\GLOBAL\\NVUPDSRV", "value_name": null}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "key": "\\SOFTWARE\\NVIDIA CORPORATION\\GLOBAL\\NVUPDSRV", "value_name": "value"}, {"hashes": ["92fa5602d38ba61961c7965c9fa12478bb0bd427edb538b23e230e2e0e1219d5", "e2c1ec487b0b78aa02e1b39d17d9ae2f4b2442682eb709090752852ea5587c0e"], "key": "\\SOFTWARE\\NVIDIA CORPORATION\\GLOBAL\\NVUPDSRV", "value_name": "GUID"}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\DEFAULTICON", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\SHELL\\OPEN\\DDEEXEC", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\SHELL\\PRINT\\DDEEXEC", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\SHELL\\PRINTTO\\DDEEXEC", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\SHELL\\OPEN\\COMMAND", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": 
"\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\SHELL\\PRINT\\COMMAND", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\SHELL\\PRINTTO\\COMMAND", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\.EWRWER", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\.EWRWER\\SHELLNEW", "value_name": "NullFile"}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\INSERTABLE", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\PROTOCOL\\STDFILEEDITING\\VERB\\0", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\VERB\\0", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\VERB\\1", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\INSERTABLE", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\AUXUSERTYPE\\2", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": 
"\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\AUXUSERTYPE\\3", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\MISCSTATUS", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\DOCOBJECT", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\DOCOBJECT", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\PRINTABLE", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\CLSID", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\M1.DOCUMENT\\PROTOCOL\\STDFILEEDITING\\SERVER", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\PROGID", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\INPROCHANDLER32", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\LOCALSERVER32", "value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\DEFAULTICON", 
"value_name": ""}, {"hashes": ["de2094b490797bef79d9e976680173bcdb5b19fc6fcd21e1cf2435ca12ea2327"], "key": "\\SOFTWARE\\CLASSES\\WOW6432NODE\\CLSID\\{6BE5DA11-C105-4993-A62E-46D6E8337AD7}\\DEFAULTEXTENSION", "value_name": ""}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "key": "\\SOFTWARE\\MICROSOFT\\XAMECO", "value_name": null}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Adlafu"}, {"hashes": ["451f0e85df2d6d6563dafade3735944b2904ce0275e6d25c4b2e68c56f4258b6"], "key": "\\SOFTWARE\\MICROSOFT\\XAMECO", "value_name": "Zufiwiq"}]}, "reports_count": 24}, "Win.Worm.Gh0stRAT-10009166-0": {"bis": [{"bi": "antivirus-flagged-artifact", 
"hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", 
"2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", 
"3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", 
"2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", 
"37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", 
"0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", 
"2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", 
"46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", 
"4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", 
"e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", 
"529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": 
["TA0005", "T1027"]}, {"bi": "pe-uses-armadillo", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", 
"3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "deleted-submitted-file", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", 
"1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-modified", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", 
"46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "cmd-exe-file-execution", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", 
"0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", 
"14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", 
"0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", 
"0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", 
"fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", 
"77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", 
"0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", 
"0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", 
"1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "process-requested-file-external-drive", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", 
"37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "process-taskkill", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", 
"0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", 
"14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", 
"29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Worm", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. 
The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.", "hashes": ["0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "4e5e197080a63a25d5a20a819874c6a5e474543403fe323bb4ac1ce049d14ddf", 
"51966d8727f0b01b58705d9bcd608f1cb98bf102908108e8632a1ae753ef0707", "520c48ef6490e46b5b3101f04dd16267459aea3d65e2921f662694082c636605", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "538259b6b7e13dfee74284889098529b7fd1bb24ca7dcccf69d208c544d15307", "56aa01a911cbaba0dc74c137bcaefd2aa22992ae9d98994b585b1f6e243c5c62", "59662ae7af59f7608e7fa2d2398dd8d94a38100e3af11e0d8b01bb1080b898a7", "5b00a22aecd9fa4aaa8895c3a9f2e3c24370acb85592cdb06057eb7641f958e7", "60a73b0f4d0e494f99b9dbe1b154689fcd54aff3901c855fe9028d0fbf9545f2", "61e87b832ce0f2f8f135e7c8edb2bbc17f72fca690b590af0541f7a81798709a", "62e5e4d4eea08888a86da7f1c9367c4c8baf2767275662f07bedc555c6f07a55", "6375d46a5adad79217f87e9453420e0bb940e151d53fcbd4fa61fa10bc4bb66e", "63a5eb861c29f0aaf31b102cd720eb95e01939bdcf03f99c1a2fc778f9614fb1", "65ac7f7facb6fdad5a03115a165675328a6e5365912e14bf8a917f4c9e848d2e", "68789fbe7f08ebfe1a50db4c1c7125dece424834679341831c9eb4e8fdd3818a", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "6ae7312f6c0ecb0f27b5185fd0ab584133edd7678405916f187beee7f9fc02d0", "6b35e172d737e0e6720abb819ee51723aba33d0f088c4c9dd8aaea506ef5c153", "6dbd2f63eeabb311a78ff024e042150755b1cf09f7cc75528c9d27dd8ed326fe", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "799a79f9be989ca9128665fd35d4f8ac28debf2d7e0839162726d5180dea4442", "7cb098ca7cde8aabdd6f15834570ed6ee0e4760a91df1b8ef6405c3769fa635f", "7e5f1eee3b9e8e44294e611c577796056c55c645a8ff67826aab657ea5c9cdd2", "7f2cc9eeefb0163d2c3c858205e2820e3569f59aa1a835b329bfec0347994ec3", "82044aafd6f4f60a9b58ee8dafad4a6fb2b676bacc2cb688dfb085522063d332", "84bcd40ab4bd7f29e3f713cfc80b22f902cea57c2940dbe923fc313913822fc1", "860cbe609aadb9153a1645d324998005a7722d3bac620da7ccd3f3de64611709", "88eb420254d6afd44eaab65294eeecd877b42088ee032cf7dd0329f501ea73d2", "8aa94e4ed101ce2f2bbde9728bc67839fd543b8c90f81a9db395ec85eddfa726", 
"8bc9e44bd9b0c9918d10226ba96bcd9903479751735b4e82056da73a75dfa8bc", "9212ac1bc3a90548c8457404d34b3e0847d27158b3df6776188211cfd8ede735", "93a52e48cfbecd6990c2ec9a1f3e0bb8ac7c4ffafc063b96d6caca17da45bb13", "9bb52c8b233c21ac5ef483e8d7bd61cb41a906196bd4e032cade130080db71bf", "9d36f28901fef6649cee9b4239ebe5c94e795201747527c263b0446b4dccd36d", "9ed1cb575c21c013925e21f36d29c6c3ed9d3d3cf5330d83be9e1e225968737e", "9f8ac33578f8163c2fe1f14d711ed0f3a18ca7a0abfca4bbc191f6dfda4cad73", "9fad4a978e1e4c6bbf3e7bc8fb05ac6f552a7867f77c0f00fd32432f98c2a1c8", "a17a40fd6b3ed8c7ec08dd744f1715c538f155c7eb7fc78cee373751fed15f21", "a7e6c589c8bd989e7c8c12b696def47a993725cc3afa0fdc27888c06a3a5fd70", "ab540172d03a44e11e53b19a2e3c867ac6656a4bf2ce4ce3ee004c1a91262440", "ace5df68f0adcf66633095323805dd72557cf861f482482aefac22b43baf2994", "b1eb2feee316caeedabff72a9ac231766b6edeaf77d7767b2511b96514380007", "b213d059a03eb90819b646d2106ef72d9aa31c54f3b628426a2d20120c25f787", "b2d70b929cd82f65e2aee0c8a7bfe5f829f5ab31b37013ab558b4b8369027712", "b31a26063c124f3fe0f4b2879e7fd95b26a603e31b71ede1736772bb17c6554f", "b41bbb0f6655946aaa52d105d92b3622d2615564a2acaec420fdfb2b5fc87ca9", "b54b9be8360c158666903bfced6657aa9beb40662a1ebb9fd1258508eb91a13a", "b9ba659a2dbd52736a596508a1973e8dd5637ea745a0fd4a35c7fbe23b3fb7a1", "be0ca6763d28c64962b0acd5770d42e85c4ad7c9212a34074afcf0d5a5110a18", "c15028cd7d2156b6f26dfac0701635c6aa56e46890e3414ad9603ff9c1194da9", "c18e8cc1199571fb22f26a6521f94d1f064307c997147fe9cfb52af28c276138", "ca0a27f2422fe595478224dfde41927d3db59cbbf83571237af9182cd4be0d52", "cc18276d560ede3b10509f2f47e6b9b44f48e6ad7a13c0d64b15ace4e1898161", "cd6f9d58810671442b2755b350f9883a6de83d6c8af679c42c9281a207016688", "cec440866cc7f73ff1dd565456d03273f9a55e820abd31eabfc4c82be6e27f10", "d2574b90919fde34e1005cddb350b0b71c69e54be86d87b40e3ec32f05ee5d1e", "d2dad458cfd66fd7ae2361161bbccc1d2d852585c485e7da1b451c4ec76ee986", "d3715358583b14e196f074c1cc47ea40e8042e841f0b2a1679c9c0ddcbcee0b1", 
"dc5d5ffce960d5aedd0a2f43016c4e5b2eadef9624f4ec98eefb6ff7e2b38467", "dc79e3a53e86db37fd92550c4b8e3b3556b1e44fe4f6b4fb52cbe727ebbdc0c1", "dc9edd6d261975aa3a4e695883ea5b263d401187c7be6914acdd98590cd452b1", "dd2f1d8af6b87e02a86680bd933eaf86b5f569071141847a638a628605ec1f84", "dec9a3da085f4585a6e1d6b130b22276379e00d8246234acdb98d12dc47c6b8c", "decd5317a10b4db0eb424fb82c44ea6f9cea4a14b81a84a65bcd76c3306f40aa", "e312de6afe81b326fdd4d3b1fd26991793a87aa6b3590c42efff51a57257b837", "e6c0bab6cdebc80b679406cbd7a7ddde3433e8f9fac94285369934075a2665e5", "e980672f0f73dc02e47cfc6b756805265923c9d461deab55c6dfb17eecdb1c8a", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "ebe2d4696f35944d8ba0bdf6c51699bf0ec338aec33526fd40241319b7510e3e", "ed62675523d1525eb33677f39ff26dd4a696458d87d9740846c4968cb8125163", "ed9e94859a742445e7b1eae5bc33a212eb1543635da3d68159ba42973f9b80d2", "f0fbf72d96076661d82d45c013e5e207a8e49ecbe61a5a2ada91509377b155dc", "f2609d1ade6159c8dd2a98c376ce3c1842e12af4cfe43db3e95199eba517a1f7", "f419e3b1585c85f00051324a45522de658d91093e0e1a179ba42e4b0883b746c", "fc9eeee11ec3f886c31ead1e2963e1aba48da4b26bf294fbd01f95b75a2b8954", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728"], "iocs": {"domain": [], "file": [{"hashes": ["0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", 
"1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728"], "path": "\\1.txt"}, {"hashes": ["0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", 
"13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728"], "path": "%TEMP%\\.exe"}, {"hashes": ["0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", 
"4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4"], "path": "\\"}, {"hashes": ["3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806"], "path": "\\lrcmq"}, {"hashes": ["3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806"], "path": "\\lrcmq\\wybmh.ymw"}, {"hashes": ["3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806"], "path": "\\lrcmq\\ReadMe.txt"}, {"hashes": ["778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7"], "path": "\\fejyf\\svamaxhsy.vms"}, {"hashes": ["529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4"], "path": "\\efjqqprp\\abtvmh.bva"}, {"hashes": ["690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4"], "path": "\\svqpd\\pcgdt.cdp"}, {"hashes": ["77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a"], "path": "\\vjrfw\\idvsblp.dsi"}, {"hashes": ["e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f"], "path": "\\bguta\\vzihmd.zhv"}, {"hashes": ["fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728"], "path": "\\imzbs\\lgccxccv.gcl"}, {"hashes": ["0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2"], "path": "\\udbstlvp\\idbat.dai"}, {"hashes": ["0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14"], "path": "\\xihzc\\otojrb.tjo"}, {"hashes": ["2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3"], "path": "\\dzsvfx\\ixzyo.xyi"}, {"hashes": ["1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a"], "path": "\\yfahi\\qbifb.bfq"}, {"hashes": ["0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0"], "path": "\\ymcmn\\oklllrus.klo"}, {"hashes": 
["0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb"], "path": "\\lhjdg\\kmsxaybss.mxk"}, {"hashes": ["0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7"], "path": "\\qultury\\xpjhq.phx"}, {"hashes": ["3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4"], "path": "\\opawz\\dzsvfx.zvd"}, {"hashes": ["37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b"], "path": "\\lmvot\\wgqdg.gdw"}, {"hashes": ["14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681"], "path": "\\lwajlifh\\wfijai.fjw"}, {"hashes": ["4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2"], "path": "\\ffrycfmqw\\kilqo.iqk"}, {"hashes": ["46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f"], "path": "\\lyonu\\ywprw.wry"}, {"hashes": ["0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a"], "path": "\\cvszt\\vgixf.gxv"}, {"hashes": ["46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59"], "path": "\\ytzagw\\enawc.nwe"}, {"hashes": ["0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003"], "path": "\\arase\\okyjm.kjo"}, {"hashes": ["1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7"], "path": "\\xnskx\\ugzoj.gou"}, {"hashes": ["2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807"], "path": "\\vdxqp"}, {"hashes": ["2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807"], "path": "\\vdxqp\\bhfqthvo.hqb"}, {"hashes": ["1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7"], "path": "\\xnskx\\ReadMe.txt"}, {"hashes": ["0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003"], "path": "\\arase\\ReadMe.txt"}, {"hashes": ["2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807"], "path": "\\vdxqp\\ReadMe.txt"}, {"hashes": ["3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203"], "path": "\\nsdad"}, {"hashes": ["461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc"], "path": "\\mhase"}, 
{"hashes": ["3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203"], "path": "\\nsdad\\pndjvtij.njp"}, {"hashes": ["461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc"], "path": "\\mhase\\ldius.dul"}, {"hashes": ["13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc"], "path": "\\ffpeg"}, {"hashes": ["13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc"], "path": "\\ffpeg\\nucmj.umn"}, {"hashes": ["29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693"], "path": "\\etjsrab\\awauu.wua"}, {"hashes": ["3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203"], "path": "\\nsdad\\ReadMe.txt"}, {"hashes": ["461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc"], "path": "\\mhase\\ReadMe.txt"}, {"hashes": ["13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc"], "path": "\\ffpeg\\ReadMe.txt"}, {"hashes": ["29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693"], "path": "\\etjsrab\\ReadMe.txt"}, {"hashes": ["2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4"], "path": "\\beurn"}, {"hashes": ["2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4"], "path": "\\beurn\\etjsrab.tse"}, {"hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb"], "path": "\\cltqp"}, {"hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb"], "path": "\\cltqp\\jefvt.evj"}, {"hashes": ["2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4"], "path": "\\beurn\\ReadMe.txt"}, {"hashes": ["1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb"], "path": "\\cltqp\\ReadMe.txt"}], "ip": [{"hashes": ["0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", 
"0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728"], "ip": "174[.]139[.]65[.]205"}, {"hashes": ["0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", 
"0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", 
"fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728"], "ip": "174[.]139[.]65[.]202/31"}], "mutex": [{"hashes": ["0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", 
"778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728"], "name": "174.139.65.202:8760"}, {"hashes": ["0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", 
"4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728"], "name": "M174.139.65.202:8760"}, {"hashes": ["0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", "3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", 
"46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728"], "name": "Global\\"}], "registry": [{"hashes": ["0928b208eda785ce3b6dd30394b6b90dbdea76a0f2fd65fdae8915714ac13e14", "0b207e4f2eaa00a98bc87cf51827b730e4d823f46c492a759873b63564e7953a", "0b8d9ab9cef9788c0aeedc4e3e97d0beb97ceb0e7c12eabf1c60565943dd9003", "0c323607d2da2b037f653f7b4bdf0449af06dfaafb5305419e16d343659f59a0", "0d82fb3fe78d96cbd43233f7f934d14b57b32e2e885efd51585e35bd1375f6eb", "0e83bb6a294b29cb16272f8394ca2db4225a98f35ef047647bcd5c3b36109ea7", "0ebe5ed6048caa21385ac2b5e55f9df4c61e942f494cac696ffdc2e3a377a5b2", "13b58a0b9e0299384d974dbc4659259f5dec852e113f538aecb8fabbad5ec0bc", "14678d3fbb856dfea61b3e81cf7607deb8588850ca6c9cb38441241b38287681", "1487215671dcd51736ad33700aec2b2149cc51625d8cb3ac011b10c42e532fb7", "1d0596d38545b9c1a60eabcc671f03e075d8e2e8f5f2547c960a2ef5609505fb", "1e576f6acadc56500830da6ae13861345775bb6b7941f73b61ce885ba37aaa1a", "2092d97a4a9f1fd85b589960ee3f0c98a457686f237490285437fbed10d35dc3", "29d27a8107d83363420d8d45f5c340e629163deed591ea3625247d0bf9c40693", "2bc8ebf57281a0805dbc07347251f686a5418a420c394208b94674d6d57990b4", "2c9d9989e7267ae8f3dfc01116b41aad1124888912df5187746abba0b6f50807", "37130b59f87c43ca300a79298a047e791aba826f3cc1d7461e63f2a80d8e812b", "3b6ba0f4ce75517a2d69d92e1da04853e6cd9fa773ec7d3039e93beee6a0b429", 
"3c50f19863bc5f1023fec8b5e03262d0a6d4a76685aee1474df098d2934f6203", "3e4fb27f34fd0b6d2a01662f55f58ff22c0d5cb887f35adbefd369e08705eaf4", "461c3d315e4b725d3425c9417ccb0bb47d01dcb80f52f14460d32aa58af9c7bc", "46c699d350e35220ef6efa1b58cb85646b1ef785f902bab0f5ec9b10ac2b1a59", "46f1585ff31eee85dd9b5c63a98815f41fd95e165d1421f2fdcb1bcf3ae5be0f", "4989909a5677404429a257a199d2f1efbb8d6d54d88e85ee4fe93fa55e77b806", "4ccf0760f8e7502b9a57b00b38df835ecf61d3689d573755b5eb20f1bc6d43b2", "529d000384f33de93c8af36e461aa8529946c1024c3fbabecfec09e3f756f5b4", "690eb818d1d443e4da16797138f178a97c3539b54643453df74eacaf7ff59ac4", "778445fa5d26b742c6ac457ae7f639b7acdb2f82ed18c8193cbb1aa38c1615e7", "77ab9af7b7a3d14eadeadcc2748801a1644002c19ad20f1b7007d2b9a94fb63a", "e9ac6b40bf9a9709f99914adb58ea83a2e25fa61c13a1d4e17518b4c86341e0f", "fdf898a56ec85ecc8da872501f7f47fa459f3d89409b766d96efc5a4c6ae9728"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "EvtMgr"}]}, "reports_count": 31}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-09-29T15:35:10+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Packed.Zusy-10008867-0", "Win.Dropper.Tofsee-10008793-0", "Win.Trojan.Fareit-10009186-1", "Win.Worm.Gh0stRAT-10009166-0", "Win.Dropper.Zeus-10008893-0", "Win.Malware.Generickdz-10009245-0"]}