{"Win.Downloader.Upatre-10011416-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", 
"c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-sandbox", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", 
"cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "memory-execute-readwrite", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", 
"0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", 
"7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "malware-upatre-detected", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", 
"d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", 
"03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", 
"3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", 
"9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", 
"599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", 
"87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", 
"54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-pe-no-dos", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", 
"2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "pe-packed-mpress", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", 
"01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", 
"123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": 
["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, 
{"bi": "network-fast-flux-domain", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", 
"d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", 
"c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", 
"debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", 
"cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", 
"0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", 
"a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", 
"7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", 
"7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "http-response-redirect", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", 
"d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", 
"5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "malware-zeus-gameover-variant-detected-enc", "hashes": ["b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", 
"03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}], "category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. 
Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "cf9a52c278cd6e5f4e61670c5b8f4b466d87ce42002c4e085cf1301b54cd4f17", 
"d004fbb14441762c5007f5a5b33e14ceaac7daef656f76521076da8bc27e5add", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24", "d4a1c279dafff769415aa25c05b73efcbecdaa258a6c60b3a528170b4197f8b1", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "da82a27ce551d6b670151df839f3f4c2abaa47feb0191c204eb160ab50fd37eb", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d", "ea6865fd449927df86a7e18b5973ec5bca3467eaba008abfa23a8c848040d8e7"], "iocs": {"domain": [{"hashes": ["01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", 
"a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d"], "host": "apps[.]identrust[.]com"}, {"hashes": ["01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", 
"9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d"], "host": "salahicorp[.]com"}, {"hashes": ["01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", 
"87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d"], "host": "ren7oaks[.]co[.]uk"}], "file": [{"hashes": ["01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "23df6b20b96ae652d532416298621da60c32cbf15762cc181d43f26ed980c1a7", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", 
"7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d"], "path": "%TEMP%\\budha.exe"}], "ip": [{"hashes": ["01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", 
"7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970", "b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d"], "ip": "185[.]211[.]22[.]242"}, {"hashes": ["03783c7ce13fa114e8f8752218adf7bfa538098a550df3364a7fd69d767f9cfd", "1f496efb45301d0a4d0a41fd8dbd998e3075bce1631c018aa943c7d3fb083967", "4f1ad200a563ec7ca3b1d1151fbaff7ddd695c9c056e3d98c5323e9f02d40b25", "54e5900083763b04504d24aeb9b5c134eac3e784eab067e07630903c16a322d9", "57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "599f6ade2b8577d1020597472bb44c42b119a3b935415e7a3b55ff876ff4645d", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab", "9471bedea8d8b57b875ed67abd082fe13d4fc4f795c1cdfb45dbb713505ad23a", "c8a4e4d49db5946005ff0253342ceaa7e3aa9448c7586b3416cb54a388bff07d", "debf54188aa29236c79c49046bbc7465ad2c5419d830bea5a6dfcdc732ab667d"], "ip": "23[.]205[.]105[.]157"}, {"hashes": ["0b87dad19fb92148113f48a6b49d0023e1c34003793c1cb67850c5e2d9c58755", "0f7ab72492dfe10804ba22a630148486d137a0f8cb57c3a48a48355d6be69707", "2a3c8198840e7b55aec2f79aade39baa01f66921b2c6077b8261944bda68b8c5", "2e9a44b5434ff209387fdd456901a679d6577874afd71208fb9c3046fef51883", "3a7c36c7c377963e76e1192f58808c6693c92148573559f61607a07a2c24ad6f", 
"7501fab5ff915e31cab34c5207751f5c422c3b97c53f68aa6ff7776b81a9b6a5", "b05014f4ad4b0f6ea82236fec9030dd92c04601d5482b5cae0a3e1ded0460de4", "cef99893452cece8788071154e9f3417600691a555a23093c39341bfe1ef2c3b", "d176a06c2045d342351fcd759d83de6480c3d1483b636e29278ff5d0c3adfe24", "d9f91411b0617e0869c881dcbfea80d3e8e15f19a41b947b94762896e07c1bd5"], "ip": "23[.]205[.]105[.]169"}, {"hashes": ["0c499d7a858682d75c7ca11ed919e44307a8f9bbd6ea91e6d7d9fcfea3d01ff8", "123eb4da91b065d629afe30d6fc6e37465ad017abed80fe4d94d15b5324008d6", "5c9d1828a67d8af3b2bd5fa9037cc64c995dda3270b60f4326acfac2e9206d8d", "68e9468cdf8c33bdf1c02bdb12f056a0336ea20a60891bf4678ee31faf1a76b5", "7c7c0662a8ea3f52cbd2ad44c68fcd9469b5ab1284d2366880477b45e53eb6c7", "c0bf0423e9d81f5d6e3607a8f072c595c70c5549d02d3aed43d4a3fd514c6a82"], "ip": "23[.]205[.]105[.]153"}, {"hashes": ["01d39073e8023b463aeeb09d7d745b79fd4d1d570448c41e1fbe290e4c24220e", "7865a38ee6cc666d6bb6f395d423aea7ded6d6a9e9da8c79c61142a2f739efa6"], "ip": "23[.]205[.]105[.]146"}, {"hashes": ["a0baa12791570d5cd7f6ebd20bd49bb7365693442096b72687fcfd3eea926970"], "ip": "23[.]219[.]154[.]136"}], "mutex": [], "registry": [{"hashes": ["57eabd449ebd30730b3a2a20958fc8faba9c2ddb7e68dd4e791df98a50eb7e08", "87f39a0275aecbd0529b84b4815ac2429da6fcbb744a684335ad6ffa650f2eab"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\STARTPAGE", "value_name": "StartMenu_Balloon_Time"}]}, "reports_count": 30}, "Win.Dropper.DarkComet-10011490-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", 
"dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", 
"c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", 
"ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", 
"a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", 
"b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", 
"b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", 
"c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", 
"a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", 
"a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-modified", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", 
"acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "modified-file-in-program-dir", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", 
"acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": []}, {"bi": "process-explorer-suspicious-launch", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", 
"2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-dns-safe-categories", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", 
"2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", 
"65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", 
"1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "DarkComet and related variants are a family of remote access trojans designed to provide an attacker with control over an infected system. 
Capabilities of this malware include the ability to download files from a user's machine, mechanisms for persistence and hiding, and the ability to send back usernames and passwords from the infected system.", "hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", 
"f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "iocs": {"domain": [{"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "host": "tigersa[.]no-ip[.]biz"}], "file": [{"hashes": 
["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "path": "%APPDATA%\\logs.dat"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", 
"1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "path": "%TEMP%\\X-GRY-X.txt"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", 
"1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "path": "%ProgramFiles(x86)%\\windows"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", 
"2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "path": "%TEMP%\\GRY-XX-X"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", 
"2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "path": "%TEMP%\\uU-GRY-Xx"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", 
"2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "path": "%ProgramFiles(x86)%\\windows\\lass.exe"}], "ip": [], "mutex": [{"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", 
"3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "name": "_x_X_BLOCKMOUSE_X_x_"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", 
"471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "name": "_x_X_PASSWORDLIST_X_x_"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", 
"65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "name": "_x_X_UPDATE_X_x_"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", 
"7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "name": "_y_X_PASSWORDLIST_X_y_"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", 
"8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "name": "JoKeR_MaSK_SEMUTEX"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", 
"96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "name": "lass"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", 
"a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "name": "lass_PERSIST"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", 
"a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "name": "lass_SAIR"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", 
"acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "name": "GREAME_RAT-_-MUTEX"}], "registry": [{"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", 
"b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", 
"b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", 
"b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\LOCAL APPWIZARD-GENERATED APPLICATIONS", "value_name": null}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", 
"b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{1ONY8XDG-DX6S-CQ0K-8R1G-272WTPXC6H5P}", "value_name": null}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", 
"b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Policies"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", 
"b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "Policies"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", 
"b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKLM"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", 
"b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "HKCM"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", 
"b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{1ONY8XDG-DX6S-CQ0K-8R1G-272WTPXC6H5P}", "value_name": "StubPath"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", 
"b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\NOTEPAD", "value_name": null}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", 
"c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\NOTEPAD", "value_name": "NewIdentification"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", 
"c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", "c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\NOTEPAD", "value_name": "FirstExecution"}, {"hashes": ["01b01c090edaec7b0cfd0b6354c66e696130f484edbe71b730d63f8d941f71a1", "1a368187dbc3d13c67f69f122f2420cd4a87bfd3d87a3efd2105d28de04eb817", "1d1309c1d4851b6a9c86fc17097325bfce70964548d5a9bfe700dd4c64dfbeba", "2c76ce0aebb7e93a981dd47e712c1461ed3f5aac5ab5c440668d00522f9418b0", "2cd4442ad9276beaa4059620cc716572c23a52668eb1dc8374f01d5f54c52bc3", "2d73a63f0a5c565e55661a1aef0344a26431046417c9cc15c16b8695e1f97547", "3e69bd53a6343bb72380184dd0c8b410c42d8ae73ba06b209293c3213cff7a56", "471c39751ac6b560567fffea6af72fec4c169d5dbb9b4ee5c6f000d084d4f2a2", "65af16839bf587ccc768a72388974eff49af308602588cfcbb11062311cba04d", "7f05a9d3b9ca35d54b542f550eb34307279922bd95b3041dd93ff52f736d522d", "8e618ff246cbacd3a40cb407d1930e764f924809a73fe72136a4d6f975388afc", "96ce4dc0acc185fce6ebf43194ee47d58e18eacb05a71eca3f389823574a38f0", "a487474d0476a93ca474b9874a1b3729adcbe25c2da368277b1a2cba64ccf0a0", "a7efeacdcf8508e36b4b917141fe37bd427995955c93617ec40d002742a9c93f", "acbfbe381bba59151af2ac2309451d3a4850407724f58eba69eb67b98ded2004", "b0810d35107bc6b30cbaaa2e0dfd42f70a5e16302128a653af4ab4f7128f4bf8", "b6f4e980ceea8c55e78ce9d9768bfe901790f13d9e0aa1b03fabf26f3873ae54", "c65a2f53920f6403b649570b8b98a120a9e9db472f4a89e0d027ed345acc486c", "c8799d7d6f8b161b4e1b3ad06d66584da7e24ab2ef741eae73f4ad0545626559", 
"c988702baf4bae86fb2da35b5c1ab466764fffa8fc4acb6c6a5e2ff3fc56fbee", "ced5fffd715ac29276b0e655fc8d1b353ae3988a0fa134343a4eccd70eb94812", "d7743498bb6c17664b8afa43212d90653bc8a74804543af34667255bd7a3aba8", "d9c50f22e3c9d5dd9edb80b0857c00b6f8262053afa6643365b9918571944e80", "dfb79015230e4b5d5e7a32b0dbfc5193e6e65865b6b798525451027782dadc3e", "eacb36be8ba58d3138acded71542fb68579ba0144c15699b412196252d75da53", "edde50cecd584dc4bb0419a06af73235b83fe46e881a5e3c87448be8d64a4497", "f533093c240b5a3f95eb67de36855a75bd2df68095b5bf50f92e3d5bebed69db"], "key": "\\SOFTWARE\\MICROSOFT", "value_name": "PIDprocess"}]}, "reports_count": 27}, "Win.Dropper.Glupteba-10010808-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", 
"2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", 
"2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", 
"2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", 
"2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "enumeration-browser-information", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", 
"dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "listening-port-opened", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "registry-autorun-key-modified", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", 
"dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "potential-registry-persistence", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0003"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", 
"dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", 
"2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", 
"84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", 
"902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", 
"08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", 
"d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "artifact-windows-task", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", 
"dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "windows-util-schtask", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", 
"4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "cmd-exe-file-execution", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", 
"84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-vm", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "modified-file-in-system-dir", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", 
"902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-imports-empty", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", 
"08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "excessive-process-creates", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "pe-certificate", 
"hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", 
"dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "netsh-firewall-generic", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", 
"4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-imports-exe", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", 
"086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", 
"08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-virtualbox", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "registry-service-type-modified", "hashes": 
["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "bcdedit-disable-recovery", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "pe-header-subsystem", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", 
"a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "enumeration-bcdedit", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", 
"2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", 
"b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", 
"086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "windows-util-bcdedit", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-check-vmware", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", 
"69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "sc-service-security-descriptor-modified", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-security-descriptor-deny", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], 
"mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-query-txt", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "network-discord-domain-detected", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "dns-query-stun", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", 
"d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", 
"2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-initialsp", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-null", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", 
"902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-relocations", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "embedded-pe-resource2", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", 
"b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "mitre_attack_tags": []}, {"bi": "localhost-ipaddress-detected", "hashes": ["dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "file-ini-read", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": []}, {"bi": "firefox-cookie-read", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "script-contains-url", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0003"]}, {"bi": 
"firefox-cert-database-modified", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0006", "T1555"]}, {"bi": "firefox-password-manager-local-database-modfication", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0006", "T1555"]}, {"bi": "firefox-prefs-modified", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0009"]}, {"bi": "sc-service-stop-windefend", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "ie-proxy-enabled", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0009"]}, {"bi": "ie-proxy-settings-modified", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0009"]}, {"bi": "registry-autorun-key-points-to-temp", "hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4"], "mitre_attack_tags": []}, {"bi": "file-pending-delete", "hashes": ["b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4"], "mitre_attack_tags": ["TA0005"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Glupteba is a multi-purpose trojan that is known to use the infected machine to mine cryptocurrency and steals sensitive information like usernames and passwords, spreads over the network using exploits like EternalBlue, and leverages a rootkit component to remain hidden. 
Glupteba has also been observed using the Bitcoin blockchain to store configuration information.", "hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "iocs": {"domain": [{"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "host": "msdl[.]microsoft[.]com"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", 
"08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "host": "vsblobprodscussu5shard35[.]blob[.]core[.]windows[.]net"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "host": "vsblobprodscussu5shard60[.]blob[.]core[.]windows[.]net"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", 
"69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "host": "cdn[.]discordapp[.]com"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "host": "walkinglate[.]com"}, {"hashes": ["2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b"], "host": "stun3[.]l[.]google[.]com"}, {"hashes": ["4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "host": 
"stun[.]stunprotocol[.]org"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca"], "host": "stun4[.]l[.]google[.]com"}, {"hashes": ["902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]mypushtimes[.]net"}, {"hashes": ["4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed"], "host": "stun2[.]l[.]google[.]com"}, {"hashes": ["902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94"], "host": "server9[.]mypushtimes[.]net"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]haoshuruzhiyou[.]co[.]in"}, {"hashes": ["08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]cdntokiog[.]studio"}, {"hashes": ["dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "host": "stun[.]sipgate[.]net"}, {"hashes": ["08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "host": "stun[.]l[.]google[.]com"}, {"hashes": ["84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47"], "host": "stun1[.]l[.]google[.]com"}, {"hashes": ["b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4"], "host": "server1[.]zaoshanghao[.]su"}, {"hashes": ["bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed"], "host": 
"server13[.]cdntokiog[.]studio"}, {"hashes": ["4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]zaoshang[.]ru"}, {"hashes": ["b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]zaoshanghao[.]su"}, {"hashes": ["2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9"], "host": "server6[.]safarimexican[.]net"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2"], "host": "server6[.]haoshuruzhiyou[.]co[.]in"}, {"hashes": ["2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]safarimexican[.]net"}, {"hashes": ["4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6"], "host": "server16[.]zaoshang[.]ru"}, {"hashes": ["d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b"], "host": "server1[.]haoshuruzhiyou[.]co[.]in"}, {"hashes": ["69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed"], "host": "server5[.]ggjump[.]ru"}, {"hashes": ["08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "host": "server7[.]cdntokiog[.]studio"}, {"hashes": ["dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "host": "server4[.]mypushtimes[.]net"}, {"hashes": ["69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]ggjump[.]ru"}, {"hashes": ["84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47"], "host": "server11[.]rentalhousezz[.]net"}, {"hashes": ["84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]rentalhousezz[.]net"}], "file": [{"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", 
"2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%SystemRoot%\\Logs\\CBS\\CBS.log"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%SystemRoot%\\rss"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", 
"84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\csrss"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", 
"bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\csrss\\dsefix.exe"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": 
["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", 
"4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%SystemRoot%\\windefender.exe"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\Symbols"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", 
"a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", 
"d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02\\download.error"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\Symbols\\pingme.txt"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\Symbols\\winload_prod.pdb"}, {"hashes": 
["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361\\download.error"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", 
"2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\ntkrnlmp.exe"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", 
"902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\osloader.exe"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", 
"d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\csrss\\injector"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", 
"08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\csrss\\injector\\NtQuerySystemInformationHook.dll"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\csrss\\injector\\injector.exe"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", 
"69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "path": "%TEMP%\\csrss\\tor"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\extensions.sqlite"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\key3.db"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\localstore.rdf"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\mimeTypes.rdf"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\prefs.js"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\secmod.db"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\signons.sqlite"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\webappsstore.sqlite"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%ProgramData%\\Adobe\\Updater6\\AdobeESDGlobalApps.xml"}, {"hashes": 
["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%ProgramData%\\Adobe\\Setup\\{AC76BA86-7AD7-1033-7B44-A95000000001}\\Setup.exe"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%ProgramData%\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_CValidator.H1D"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%ProgramData%\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MKWD_BestBet.H1W"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%ProgramData%\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MTOC_help.H1H"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%ProgramData%\\Microsoft\\Crypto\\Keys\\d6d12608dbd45ad0aba7e7f02cde40f3_d19ab989-a35f-4710-83df-7b2db7efe7c5"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\bookmarkbackups\\bookmarks-2020-05-26.json"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\bookmarkbackups\\bookmarks-2020-06-03.json"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\formhistory.sqlite"}, {"hashes": ["b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4"], "path": "%TEMP%\\csrss\\f801950a962ddba14caaa44bf084b55c.exe"}, {"hashes": ["4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6"], "path": "%TEMP%\\csrss\\dcb505dc2b9d8aac05f4ca0727f5eadb.exe"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%ProgramData%\\Wuyrdyrrfi.tmp"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\.default\\s"}, {"hashes": 
["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "path": "%ProgramData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_2dcd5935219bb61e_38781b62d385cd7292d519c3cd4ecc6a2aeb055_cab_2340f9f9\\WERA7E6.tmp.WERDataCollectionFailure.txt"}], "ip": [{"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "ip": "172[.]67[.]212[.]188"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", 
"2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "ip": "20[.]150[.]38[.]228"}, {"hashes": ["08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "ip": "185[.]82[.]216[.]48/31"}, {"hashes": ["08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b"], "ip": "20[.]150[.]79[.]68"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b"], "ip": "162[.]159[.]135[.]233"}, {"hashes": ["2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", 
"a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b"], "ip": "172[.]253[.]120[.]127"}, {"hashes": ["2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "ip": "162[.]159[.]129[.]233"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca"], "ip": "74[.]125[.]128[.]127"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b"], "ip": "185[.]82[.]216[.]50"}, {"hashes": ["69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47"], "ip": "162[.]159[.]130[.]233"}, {"hashes": ["08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed"], "ip": "162[.]159[.]134[.]233"}, {"hashes": ["b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed"], "ip": "20[.]150[.]70[.]36"}, {"hashes": ["4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed"], "ip": "142[.]250[.]144[.]127"}, {"hashes": ["902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94"], "ip": "104[.]21[.]23[.]184"}, {"hashes": ["b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4"], "ip": "162[.]159[.]133[.]233"}, 
{"hashes": ["84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47"], "ip": "142[.]250[.]15[.]127"}, {"hashes": ["08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395"], "ip": "142[.]250[.]112[.]127"}, {"hashes": ["dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "ip": "3[.]33[.]249[.]248"}, {"hashes": ["2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9"], "ip": "185[.]82[.]216[.]65"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "ip": "173[.]214[.]169[.]17"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "ip": "178[.]236[.]247[.]232"}], "mutex": [{"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "name": "Global\\SetupLog"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", 
"902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "name": "Global\\WdsSetupLogInit"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", 
"bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "name": "WininetConnectionMutex"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "name": "Global\\qtxp9g8w"}, {"hashes": ["4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4"], "name": "Global\\xmrigMUTEX31337"}, {"hashes": ["2754883908b96204bbb60cfa0822701549ee115eb6028555a90c0cdbe0495c7f"], "name": "Global\\923de961-62ac-11ee-9660-001517289b0f"}], "registry": [{"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", 
"b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", 
"dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "DisplayName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "WOW64"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "ObjectName"}, {"hashes": 
["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "Type"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "Start"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", 
"2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ErrorControl"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ImagePath"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", 
"69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "DisplayName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "WOW64"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", 
"902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ObjectName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "Type"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", 
"b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "Start"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ErrorControl"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", 
"d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ImagePath"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "DisplayName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": 
"\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "WOW64"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ObjectName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "Type"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", 
"08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "Start"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ErrorControl"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", 
"4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ImagePath"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "DisplayName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", 
"84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "WOW64"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ObjectName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", 
"a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "Type"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "Start"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", 
"bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ErrorControl"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ImagePath"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", 
"dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "DisplayName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "WOW64"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ObjectName"}, {"hashes": 
["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "Type"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "Start"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", 
"2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ErrorControl"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ImagePath"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", 
"69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "DisplayName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "WOW64"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", 
"902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ObjectName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "csrss"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", 
"b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SOFTWARE\\MICROSOFT\\INSTALLKEY", "value_name": null}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", 
"d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": null}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "DisplayName"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", 
"dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "Publisher"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "UninstallString"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": 
"\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFENDER", "value_name": "ErrorControl"}, {"hashes": ["086371131dd2487c7dbb05bc1e67afb2d18e85df7f54facecf8b04490fd269b2", "08b281c516048087ec8fab4cfae4b5546e02eefdafbc95dabb55c942c4c16395", "2ffed7363cf4bc5a5ff7d27646fea7ac1ae0dd7e1332ea604a8da1f99d57e0f9", "4feb8163d161750583d541adf29b61e3e493aa8ee474e927f0ce5d9c3c0b49a6", "69275d573d4a65c61094b3791d93f60ce492f15d98fcffaaa081b81fcf9bd2ed", "84b3e26f8885900c196d3cd32c2a2b3be75351e8e3b5aea38c166dd0fa2abf47", "902b0087fb710e4f361248356292ecca1309f980bf00cd9d97d4d2eb5c3bbcca", "a6cc331a1f7b6f2e81a5edf4ff093e2c4664553e0b899592164320d71d0d2e94", "b819b7e697eae7d6d679790d8708d4d71e0b2e2f4dd3bc8aeca8b5522bafc8b4", "bd853acffcff627107f4a5222043b3b56867d41a51e7d5e069b9fe91f892feed", "d48dd78cfb8ac01a3f0015489a1e87e5d8d732d15d3fcc241c684e1e610be75b", "dfb6425a4926b59bdb800173fa75f296a8066057587e1ddf712ec9a670cce2e5"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "UUID"}]}, "reports_count": 13}, "Win.Dropper.Nanocore-10011208-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cb17955c8f1a7c7649b5a53d855898a2834f95a4bc052a249d637de20ccac17e", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "fb755b396eeac9da53149162551ba0a052851026f15a12b2b5240a9bc6716377", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "2f79337e254db1abc0df8e59f15b97e3f6325c8118f9563ef514d569e90dee34", "a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", 
"0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "b56f043f756603fd39d94dc38fcd472c38014c93797eaee14851eaf9815e2801", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee", "da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cb17955c8f1a7c7649b5a53d855898a2834f95a4bc052a249d637de20ccac17e", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "fb755b396eeac9da53149162551ba0a052851026f15a12b2b5240a9bc6716377", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "2f79337e254db1abc0df8e59f15b97e3f6325c8118f9563ef514d569e90dee34", "a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", 
"6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "b56f043f756603fd39d94dc38fcd472c38014c93797eaee14851eaf9815e2801", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee", "da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": []}, {"bi": "pe-uses-visual-basic", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cb17955c8f1a7c7649b5a53d855898a2834f95a4bc052a249d637de20ccac17e", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "fb755b396eeac9da53149162551ba0a052851026f15a12b2b5240a9bc6716377", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "2f79337e254db1abc0df8e59f15b97e3f6325c8118f9563ef514d569e90dee34", "a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "b56f043f756603fd39d94dc38fcd472c38014c93797eaee14851eaf9815e2801", 
"ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee", "da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", 
"fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "cb17955c8f1a7c7649b5a53d855898a2834f95a4bc052a249d637de20ccac17e", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "fb755b396eeac9da53149162551ba0a052851026f15a12b2b5240a9bc6716377", "2f79337e254db1abc0df8e59f15b97e3f6325c8118f9563ef514d569e90dee34", "a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "b56f043f756603fd39d94dc38fcd472c38014c93797eaee14851eaf9815e2801", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-executable", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", 
"f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "cmd-exe-file-execution", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", 
"f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "deleted-submitted-file", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0005"]}, {"bi": "compound-vb-self-delete", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", 
"f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", 
"da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-dns-category-dynamic", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b"], "mitre_attack_tags": []}, {"bi": "process-windows-script-launched", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", 
"cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "file-ini-read", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": 
["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "malware-generic-infostealer", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "files-deleted-used-batch", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "unsigned-roaming-execution", "hashes": 
["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "created-executable-sample-appdata", "hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "pe-encrypted-section", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", 
"f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-fareit-file-activity", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "registry-created-user", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "enumeration-email-program-information", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", 
"0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "hook-installed", "hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-armadillo", "hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "malware-remcos-mutex", "hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", 
"d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "process-long-cmdline", "hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-remcos-path", "hashes": ["f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-vbs", "hashes": ["f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", 
"ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-domain", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "feed-domain-rat", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": []}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b"], "mitre_attack_tags": []}, {"bi": "modified-file-in-program-dir", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": 
["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vbs-calls-shell", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "vbs-creates-and-runs", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "process-check-zone-identifier", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "dns-public-server-contacted", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "artifact-windows-task", "hashes": 
["fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-communications-http-get", "hashes": ["639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "network-http-blank-user-agent", "hashes": ["639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "malware-agent-tesla-filepath-detected", "hashes": ["639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25"], "mitre_attack_tags": ["TA0009", "TA0006", "T1123", "T1125", "T1056"]}, {"bi": "network-snort-malware", "hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed"], "mitre_attack_tags": []}, {"bi": "artifact-memory-vm-detect", "hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-uses-localhost-traffic", "hashes": 
["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d"], "mitre_attack_tags": []}, {"bi": "malware-netwire-rat-registry", "hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "windows-util-schtask", "hashes": ["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "schtask-forcefully-created", "hashes": ["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "dns-query-nxdomain", "hashes": ["f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "excessive-foreign-memory-modification", "hashes": 
["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "potential-registry-persistence", "hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0003"]}, {"bi": "modified-file-in-system-dir", "hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": []}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "malware-luminositylink-rat-registry", "hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "mitre_attack_tags": ["TA0005", "T1112"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Nanocore is a .NET remote access trojan. Its source code has been leaked several times, making it widely available. 
Like other RATs, it allows full control of the system, including recording video and audio, stealing passwords, downloading files and recording keystrokes.", "hashes": ["00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "2f79337e254db1abc0df8e59f15b97e3f6325c8118f9563ef514d569e90dee34", "639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8", "aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "b56f043f756603fd39d94dc38fcd472c38014c93797eaee14851eaf9815e2801", "c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "cb17955c8f1a7c7649b5a53d855898a2834f95a4bc052a249d637de20ccac17e", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee", "fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb", "fb755b396eeac9da53149162551ba0a052851026f15a12b2b5240a9bc6716377"], "iocs": {"domain": [{"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", 
"ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "host": "manafuuh[.]ddns[.]net"}, {"hashes": ["639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b", "de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25"], "host": "checkip[.]amazonaws[.]com"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]gedhang[.]win"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]regular123[.]com"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]centronasser[.]com"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]sondcn[.]com"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]techotakus[.]com"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]oligo-le-nuton[.]com"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]hobonichidouga[.]com"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]spasence[.]online"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]lovendwild[.]com"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]urgamesim[.]com"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]1tzae[.]top"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "host": "www[.]coincoin9[.]com"}, {"hashes": ["f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "host": "onlygoodm[.]com"}, {"hashes": 
["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "host": "rezkathryn289[.]ddns[.]net"}, {"hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "host": "ben1234[.]duckdns[.]org"}, {"hashes": ["d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310"], "host": "cepastr[.]ddns[.]net"}, {"hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed"], "host": "oluebebchi[.]duckdns[.]org"}, {"hashes": ["d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d"], "host": "locash[.]hopto[.]org"}], "file": [{"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "path": "%TEMP%\\install.vbs"}, {"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "path": "%APPDATA%\\hpsupportl"}, {"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "path": "%APPDATA%\\hpsupportl\\logs.dat"}, {"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "path": "%APPDATA%\\hpsupportk"}, {"hashes": 
["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "path": "%APPDATA%\\hpsupportk\\hpsupportw.exe"}, {"hashes": ["aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": 
"%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed"], "path": "%HOMEPATH%\\subfolder\\filename.exe"}, {"hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed"], "path": "%HOMEPATH%\\subfolder\\filename.vbs"}, {"hashes": ["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "path": "%APPDATA%\\Install\\Host.exe"}, {"hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "path": "%TEMP%\\install.bat"}, {"hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "path": "%APPDATA%\\chrome"}, {"hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "path": "%APPDATA%\\chrome\\chrome.exe"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "path": "%ProgramData%\\7433cdb324b04dd5e3c3db213381216c7c539baa"}, {"hashes": ["d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310"], "path": "%APPDATA%\\hpsupport"}, {"hashes": ["d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310"], "path": "%APPDATA%\\hpsupport\\hpsupport.exe"}, {"hashes": ["d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310"], "path": "%APPDATA%\\hpsupport\\logs.dat"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "path": "%ProgramFiles(x86)%\\Lqdfp\\systrayzt48dxy8.exe"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "path": "%TEMP%\\Lqdfp\\systrayzt48dxy8.exe"}, {"hashes": 
["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "path": "%SystemRoot%\\SysWOW64\\clientsvr.exe"}, {"hashes": ["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": "%TEMP%\\tmp71CE.tmp"}, {"hashes": ["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "path": "%TEMP%\\tmp799C.tmp"}, {"hashes": ["de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25"], "path": "%TEMP%\\638328895679992000_a7527947-e9c0-4fb2-9e24-567cebc4ca3f.db"}, {"hashes": ["fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb"], "path": "%HOMEPATH%\\hoogogogoogogouhdhfh"}, {"hashes": ["639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b"], "path": "%TEMP%\\638328894643704000_a7527947-e9c0-4fb2-9e24-567cebc4ca3f.db"}, {"hashes": ["fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb"], "path": "%HOMEPATH%\\hoogogogoogogouhdhfh\\hoogogogoogogouhdhfh.exe"}, {"hashes": ["fb12b01fcf79d933460bb7db24db9c4adc0e02f2efc879c495fa16bba3a562bb"], "path": "%HOMEPATH%\\hoogogogoogogouhdhfh\\hoogogogoogogouhdhfh.vbs"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "path": "%ProgramData%\\781887"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "path": "%ProgramData%\\781887\\outlook.exe"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "path": "%ProgramData%\\781987"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "path": "%ProgramData%\\781987\\781888"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "path": "%ProgramData%\\781987\\781889"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "path": "%ProgramData%\\781987\\781890"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "path": "%ProgramData%\\781987\\781890\\1"}, {"hashes": 
["f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "path": "%TEMP%\\1514610773.bat"}, {"hashes": ["d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d"], "path": "%TEMP%\\1514510901.bat"}, {"hashes": ["cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9"], "path": "%HOMEPATH%\\babababkdnhsg"}, {"hashes": ["cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9"], "path": "%HOMEPATH%\\babababkdnhsg\\babababkdnhsg.exe"}, {"hashes": ["cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9"], "path": "%HOMEPATH%\\babababkdnhsg\\babababkdnhsg.vbs"}, {"hashes": ["00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4"], "path": "%TEMP%\\1514184500.bat"}, {"hashes": ["0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5"], "path": "%TEMP%\\1514196715.bat"}, {"hashes": ["cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9"], "path": "%TEMP%\\1514192425.bat"}, {"hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4"], "path": "%TEMP%\\1514158775.bat"}], "ip": [{"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "ip": "203[.]170[.]80[.]250"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "ip": "213[.]186[.]33[.]5"}, {"hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed"], "ip": "192[.]169[.]69[.]25"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "ip": "91[.]195[.]240[.]126"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "ip": "5[.]79[.]68[.]107"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "ip": "65[.]99[.]252[.]216"}, {"hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "ip": "204[.]152[.]219[.]98"}, {"hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "ip": "79[.]134[.]225[.]17"}, {"hashes": 
["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "ip": "39[.]96[.]26[.]145"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "ip": "198[.]187[.]30[.]187"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "ip": "199[.]80[.]53[.]28"}, {"hashes": ["f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "ip": "194[.]5[.]98[.]83"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "ip": "194[.]5[.]98[.]81"}, {"hashes": ["aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b"], "ip": "37[.]49[.]224[.]172"}, {"hashes": ["de6f39611192f151bd3417c60c880356a8840d7f235a01d2f0b83206b5ccfd25"], "ip": "34[.]237[.]212[.]127"}, {"hashes": ["639d23e7cfb18c85c237fda935e3a69cc105a31cb2d58fd25cb222b16e0ebc2b"], "ip": "44[.]219[.]130[.]155"}], "mutex": [{"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "name": "hpsupporta-0NMJO7"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "name": "8-3503835SZBFHHZ"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "name": "7433cdb324b04dd5e3c3db213381216c7c539baa"}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "name": 
"J14-9347TBE693E5"}, {"hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "name": "remcos_xoqlvkobzx"}, {"hashes": ["d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310"], "name": "hpsupport-14R0XW"}], "registry": [{"hashes": ["00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "key": "\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": ["00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", 
"cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}, {"hashes": ["00c935c3cf87816fd66654a66a5e3ec1a40674eabaf05b65082190e1a1bd55e4", "0c403455d1949c9b643d9299300fd6816c8527549cf1566e44a9f653dde909f5", "8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4", "cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9", "d418893a78767ea5afe08f34328232b893046f2190b6822a4a55a23cd807a88d", "f7a5e4ba58c46562fa48143e2e05ae3eecc46501ae288b900e61621b56b20fee"], "key": "\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hpsupportdf"}, {"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "key": "\\SOFTWARE\\HPSUPPORTA-0NMJO7", "value_name": "exepath"}, {"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", "cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "key": "\\SOFTWARE\\HPSUPPORTA-0NMJO7", "value_name": "licence"}, {"hashes": ["6edf59ab00fc8a5c0baaf2600c3deeb2c8c52fa6454541b86213521629f2225c", "ada0ca0f3efdc72e6bb70e00df6ae03411044bc50e9c2973ec3eafa73c27fe2a", 
"cccbc7d541a6e9b352d2e6f52f8083b024561f71fd0b7195bfab03c9103e827b", "f5f1f247d16a00e76173edc03ecf60636ff7a9c6c898f0e048e30f02ecfc113b"], "key": "\\SOFTWARE\\HPSUPPORTA-0NMJO7", "value_name": null}, {"hashes": ["aaa9888059a78dc3eff1c8939f125052ce50914b2c5149b667cfb33f2d60793b", "c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed", "f03e9ebe28c6f2ad739335ef71ec842f43b5034e94f8a1c3892491800f3145e3"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "NetWire"}, {"hashes": ["d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hpsupport"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}, {"hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "key": "\\SOFTWARE\\NETWIRE", "value_name": null}, {"hashes": ["a52143ab756a37bcd7de8b5869061a195d9f404dba80e5b6ee14b6d7548c1ad8"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "5J-XUFWH2T"}, {"hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "chrome"}, {"hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{R7881T2L-5Q6O-A6AF-YTOP-UR6LGAD671YS}", "value_name": "StubPath"}, {"hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "key": "\\SOFTWARE\\NETWIRE", "value_name": "HostId"}, {"hashes": ["c12defeb704dbb21f54896cd1f7e0ec6ee3ed1dd4bd3ebf777b95d291f9b05ed"], "key": 
"\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Registry Key Name"}, {"hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "key": "\\SOFTWARE\\REMCOS_XOQLVKOBZX", "value_name": null}, {"hashes": ["96670d316eec735cbb7dda69e578659260f220e3651f89d0d413c3f6044b5510"], "key": "\\SOFTWARE\\REMCOS_XOQLVKOBZX", "value_name": "EXEpath"}, {"hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{R7881T2L-5Q6O-A6AF-YTOP-UR6LGAD671YS}", "value_name": null}, {"hashes": ["92a2fb494f7dd6cd2908567b3f9d81664c0ce27532936651f85b8302dab6ea6c"], "key": "\\SOFTWARE\\NETWIRE", "value_name": "Install Date"}, {"hashes": ["d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310"], "key": "\\SOFTWARE\\HPSUPPORT-14R0XW", "value_name": null}, {"hashes": ["d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310"], "key": "\\SOFTWARE\\HPSUPPORT-14R0XW", "value_name": "exepath"}, {"hashes": ["d5c4b482c7282d1a767b7d165c47261d14959a4acd6f2bd07ccd0548d3589310"], "key": "\\SOFTWARE\\HPSUPPORT-14R0XW", "value_name": "licence"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "HWKHGJ"}, {"hashes": ["da29289e269a7c5d79dbad8e5976c912beec40d77166cbc386506769c064b548"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "shell"}, {"hashes": ["cf66700f2113d532cc65fd93d92a1aaadf58df032cb04341a99b9fd96c1cc8b9"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "babababkdnhsg"}, {"hashes": ["8304a713ec50838d56a6bc1a489c87e8b1ccccdb090098ad4efed69e8012f1a4"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\STARTPAGE", "value_name": "StartMenu_Balloon_Time"}]}, "reports_count": 25}, "Win.Dropper.Remcos-10011195-0": {"bis": [{"bi": 
"memory-execute-readwrite", "hashes": ["99231a8315c128463e6cfebd53e6c92e9112859adf6bf890839513028c008bbd", "c50094f7f4e916f709f77d744c085077e5e36c5d9f04d3060c070c23b10af856", "c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "9dd2edc4eb2ab7d3a1c238a0b8be7658bd2af062b6f7c03eb578c8a3ad82cdc5", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "4ad68afeed6c18b0185e4ec793f825e734935671f4bdbb4ec9c019972ba93064", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "dc6b8953fa1be8082acb36898d5ed60fe016afd4b392b1b82f45b1ab0647be49", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "2a7f24497b90c763c0714c0e1313e5dd899b85963f657bd1302a36fe4c4f55c9", "b0f25cb920e6cfacce95d66252e616d042b0260be17def122aa701ab1c005b60", "cae3fd31e5853fb3a9650a85c94d3ee0851e03d53d82c57a49905b97c66a5f74", "42eaade0de6a185309d3b13a32dc351d93452dbcbdded2ab650143bf8b6cafe4", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "6a65bb7a6cde96195d50aa7b55ca5cff73d532eca0db12b626a526039e0d333f", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "05981c05db85bd1116054ef5e99c5df384ac5c35ff79b76acffd6a99e7aca657", "839bdaa5ded4faeb3aff10352dbd93c2b22cdf954314d0a17cb4e3a48c5fef3a", "070038fba858d93969038e1c4c7cb70512f248c9d68596c913eba08922da26a6", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, 
{"bi": "antivirus-service-flagged-artifact", "hashes": ["99231a8315c128463e6cfebd53e6c92e9112859adf6bf890839513028c008bbd", "c50094f7f4e916f709f77d744c085077e5e36c5d9f04d3060c070c23b10af856", "c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "9dd2edc4eb2ab7d3a1c238a0b8be7658bd2af062b6f7c03eb578c8a3ad82cdc5", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "4ad68afeed6c18b0185e4ec793f825e734935671f4bdbb4ec9c019972ba93064", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "dc6b8953fa1be8082acb36898d5ed60fe016afd4b392b1b82f45b1ab0647be49", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "2a7f24497b90c763c0714c0e1313e5dd899b85963f657bd1302a36fe4c4f55c9", "b0f25cb920e6cfacce95d66252e616d042b0260be17def122aa701ab1c005b60", "cae3fd31e5853fb3a9650a85c94d3ee0851e03d53d82c57a49905b97c66a5f74", "42eaade0de6a185309d3b13a32dc351d93452dbcbdded2ab650143bf8b6cafe4", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "6a65bb7a6cde96195d50aa7b55ca5cff73d532eca0db12b626a526039e0d333f", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "05981c05db85bd1116054ef5e99c5df384ac5c35ff79b76acffd6a99e7aca657", "839bdaa5ded4faeb3aff10352dbd93c2b22cdf954314d0a17cb4e3a48c5fef3a", "070038fba858d93969038e1c4c7cb70512f248c9d68596c913eba08922da26a6", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": 
"pe-uses-visual-basic", "hashes": ["99231a8315c128463e6cfebd53e6c92e9112859adf6bf890839513028c008bbd", "c50094f7f4e916f709f77d744c085077e5e36c5d9f04d3060c070c23b10af856", "c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "9dd2edc4eb2ab7d3a1c238a0b8be7658bd2af062b6f7c03eb578c8a3ad82cdc5", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "4ad68afeed6c18b0185e4ec793f825e734935671f4bdbb4ec9c019972ba93064", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "dc6b8953fa1be8082acb36898d5ed60fe016afd4b392b1b82f45b1ab0647be49", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "2a7f24497b90c763c0714c0e1313e5dd899b85963f657bd1302a36fe4c4f55c9", "b0f25cb920e6cfacce95d66252e616d042b0260be17def122aa701ab1c005b60", "cae3fd31e5853fb3a9650a85c94d3ee0851e03d53d82c57a49905b97c66a5f74", "42eaade0de6a185309d3b13a32dc351d93452dbcbdded2ab650143bf8b6cafe4", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "6a65bb7a6cde96195d50aa7b55ca5cff73d532eca0db12b626a526039e0d333f", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "05981c05db85bd1116054ef5e99c5df384ac5c35ff79b76acffd6a99e7aca657", "839bdaa5ded4faeb3aff10352dbd93c2b22cdf954314d0a17cb4e3a48c5fef3a", "070038fba858d93969038e1c4c7cb70512f248c9d68596c913eba08922da26a6", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": 
"sample-launched-copy-of-self", "hashes": ["99231a8315c128463e6cfebd53e6c92e9112859adf6bf890839513028c008bbd", "c50094f7f4e916f709f77d744c085077e5e36c5d9f04d3060c070c23b10af856", "c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "9dd2edc4eb2ab7d3a1c238a0b8be7658bd2af062b6f7c03eb578c8a3ad82cdc5", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "4ad68afeed6c18b0185e4ec793f825e734935671f4bdbb4ec9c019972ba93064", "fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "dc6b8953fa1be8082acb36898d5ed60fe016afd4b392b1b82f45b1ab0647be49", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "2a7f24497b90c763c0714c0e1313e5dd899b85963f657bd1302a36fe4c4f55c9", "b0f25cb920e6cfacce95d66252e616d042b0260be17def122aa701ab1c005b60", "cae3fd31e5853fb3a9650a85c94d3ee0851e03d53d82c57a49905b97c66a5f74", "42eaade0de6a185309d3b13a32dc351d93452dbcbdded2ab650143bf8b6cafe4", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "6a65bb7a6cde96195d50aa7b55ca5cff73d532eca0db12b626a526039e0d333f", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "05981c05db85bd1116054ef5e99c5df384ac5c35ff79b76acffd6a99e7aca657", "839bdaa5ded4faeb3aff10352dbd93c2b22cdf954314d0a17cb4e3a48c5fef3a", "070038fba858d93969038e1c4c7cb70512f248c9d68596c913eba08922da26a6", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", 
"f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", 
"f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", 
"1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "cmd-exe-file-execution", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": 
["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "unsigned-roaming-execution", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", 
"a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "created-executable-sample-appdata", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "feed-domain-rat", "hashes": ["eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", 
"d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0005"]}, {"bi": "compound-vb-self-delete", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "pe-uses-armadillo", "hashes": 
["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "network-snort-malware", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "malware-remcos-mutex", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "malware-remcos-path", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", 
"21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "process-windows-script-launched", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "dns-dynamic-domain", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", 
"81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "malware-known-trojan-av", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": []}, {"bi": "altered-sample-snort-flagged", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "files-deleted-used-vbs", "hashes": ["f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-domain", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", 
"1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-batch", "hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-category-dynamic", "hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": 
["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-fareit-file-activity", "hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "mitre_attack_tags": []}, {"bi": "registry-login-info-modified", "hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "registry-created-user", "hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "mitre_attack_tags": ["TA0005", "TA0003", "T1112", "T1098"]}, {"bi": "malware-generic-infostealer", "hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-email-program-information", "hashes": 
["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "dns-query-nxdomain", "hashes": ["e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "process-uses-localhost-traffic", "hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping", "hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "mitre_attack_tags": ["TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": 
["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "malware-netwire-rat-registry", "hashes": ["eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "mitre_attack_tags": []}, {"bi": "registry-activesetup-key-modified", "hashes": ["eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3"], "mitre_attack_tags": []}, {"bi": "malware-azorult-mutex-detected", "hashes": ["fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-obfuscation", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-communications-http-get", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": ["TA0006", "T1003", "T1555"]}, {"bi": "network-http-blank-user-agent", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "modified-file-in-program-dir", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": []}, {"bi": "files-created-vbs", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], 
"mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "vbs-calls-shell", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "excessive-sample-duplication", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "file-ini-modified", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-formbook-mutex-detected", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": []}, {"bi": "network-explorer-process", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "html-page-not-found", "hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam, and capture screenshots. 
This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["05981c05db85bd1116054ef5e99c5df384ac5c35ff79b76acffd6a99e7aca657", "070038fba858d93969038e1c4c7cb70512f248c9d68596c913eba08922da26a6", "1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "2a7f24497b90c763c0714c0e1313e5dd899b85963f657bd1302a36fe4c4f55c9", "42eaade0de6a185309d3b13a32dc351d93452dbcbdded2ab650143bf8b6cafe4", "4ad68afeed6c18b0185e4ec793f825e734935671f4bdbb4ec9c019972ba93064", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "6a65bb7a6cde96195d50aa7b55ca5cff73d532eca0db12b626a526039e0d333f", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "839bdaa5ded4faeb3aff10352dbd93c2b22cdf954314d0a17cb4e3a48c5fef3a", "99231a8315c128463e6cfebd53e6c92e9112859adf6bf890839513028c008bbd", "9dd2edc4eb2ab7d3a1c238a0b8be7658bd2af062b6f7c03eb578c8a3ad82cdc5", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "b0f25cb920e6cfacce95d66252e616d042b0260be17def122aa701ab1c005b60", "c50094f7f4e916f709f77d744c085077e5e36c5d9f04d3060c070c23b10af856", "c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "cae3fd31e5853fb3a9650a85c94d3ee0851e03d53d82c57a49905b97c66a5f74", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "dc6b8953fa1be8082acb36898d5ed60fe016afd4b392b1b82f45b1ab0647be49", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286", "f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3", 
"fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3"], "iocs": {"domain": [{"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "host": "teryts1802[.]sytes[.]net"}, {"hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470"], "host": "onelove03[.]duckdns[.]org"}, {"hashes": ["eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "host": "fucktoto[.]duckdns[.]org"}, {"hashes": ["fcbdee2bf9ee0203aab83047871b97ad91373b0e14265dc9973366086638d3d3"], "host": "drantvenaco[.]xyz"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "host": "www[.]hydzjg[.]com"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "host": "www[.]verysinr[.]com"}, {"hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570"], "host": "ebuxxxxx[.]duckdns[.]org"}, {"hashes": ["7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "host": "tunedd30[.]duckdns[.]org"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "host": "www[.]salesnjinn[.]com"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "host": "www[.]christianroyaltyapparel[.]com"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "host": "www[.]augiticmisknow[.]party"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "host": "www[.]aow85[.]com"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "host": "www[.]horizonenterprisediscovery[.]com"}, {"hashes": 
["e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321"], "host": "onlygoodm[.]com"}], "file": [{"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "path": "%TEMP%\\install.vbs"}, {"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "path": "%APPDATA%\\hpsupportl"}, {"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "path": "%APPDATA%\\hpsupportl\\logs.dat"}, {"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "path": "%APPDATA%\\hpsupportk"}, {"hashes": 
["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "path": "%APPDATA%\\hpsupportk\\hpsupportw.exe"}, {"hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "path": "%APPDATA%\\remcos"}, {"hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "path": "%APPDATA%\\remcos\\logs.dat"}, {"hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "path": "%APPDATA%\\remcos\\remcos.exe"}, {"hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "path": "%APPDATA%\\Install"}, {"hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "path": "%APPDATA%\\Install\\Host.exe"}, {"hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "path": "%TEMP%\\install.bat"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%HOMEPATH%\\file"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%HOMEPATH%\\file\\bin.exe"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%HOMEPATH%\\file\\bin.vbs"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], 
"path": "%APPDATA%\\5-7-7D18"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%APPDATA%\\5-7-7D18\\5-7log.ini"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%APPDATA%\\5-7-7D18\\5-7logim.jpeg"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%APPDATA%\\5-7-7D18\\5-7logrc.ini"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%APPDATA%\\5-7-7D18\\5-7logri.ini"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%APPDATA%\\5-7-7D18\\5-7logrv.ini"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%ProgramFiles(x86)%\\Lwbphud"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%TEMP%\\Lwbphud"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%ProgramFiles(x86)%\\Lwbphud\\IconCacheojphll2x.exe"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "path": "%TEMP%\\Lwbphud\\IconCacheojphll2x.exe"}, {"hashes": ["67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7"], "path": "%TEMP%\\1514536984.bat"}, {"hashes": ["d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7"], "path": "%TEMP%\\1514542210.bat"}, {"hashes": ["e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321"], "path": "%TEMP%\\1514536500.bat"}], "ip": [{"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "ip": "216[.]218[.]135[.]118"}, {"hashes": 
["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "ip": "192[.]169[.]69[.]25"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "ip": "61[.]139[.]126[.]54"}], "mutex": [{"hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "name": "hpsupporta-3474R7"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "name": "8-3503835SZBFHHZ"}, {"hashes": ["7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "name": "remcos_uagftaawdgtkfly"}, {"hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570"], "name": "remcos_mpgoqkdcerxzzve"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "name": "5-7-7D18-X4vYDyz"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], 
"name": "S-1-5-21-2580483-12442889567640"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "name": "S-1-5-21-2580483-15883551588870"}], "registry": [{"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "hpsupportdf"}, {"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "key": "\\SOFTWARE\\HPSUPPORTA-3474R7", "value_name": "exepath"}, {"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", "a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "key": "\\SOFTWARE\\HPSUPPORTA-3474R7", "value_name": "licence"}, {"hashes": ["21439850d13a4c45e6f75caf0c149dbb15859393ac229ba6c74683777994304d", "51ced0fcb9d3fec5cfa3e72de7b930b6d78fc62814abbb7f1162342e8c22cbca", "680696d80533b37e67db64b6b5503a7b69b7a14d0ef4ce413b38056669620780", "81e497b15e18c5da4908b4d6c8fe3c76a47fb4a4135f93efe42da98f48077901", 
"a288e629d848936d273fe256f841902a4f5f328e891954cdcc36ed8f2be066a1", "f98bb987e17fed85f8b2f1f265bc354f5f46df9f4d161d1b52cb36d4ad7e13e3"], "key": "\\SOFTWARE\\HPSUPPORTA-3474R7", "value_name": null}, {"hashes": ["67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321"], "key": "\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003E9", "value_name": "F"}, {"hashes": ["67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000001F5", "value_name": "F"}, {"hashes": ["67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321"], "key": "\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EC", "value_name": "F"}, {"hashes": ["67ec62211a942ea2b60ebb595d909f3961b70356ebf246a8a3b192309258e9e7", "d58673f907ab243c0a9179fb59047dd6bdce3481fe741516001c7668c8a846e7", "e0d5d0af7e4b140d9b590e93767d36c44dc3e54fe7fc16ca069a41f8ae7d5321"], "key": "\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570", "7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "remcos"}, {"hashes": ["c7a00b0bc4cff31661baa7f83d0a27c603ac0b6eef28f8f291a055d3590c5470", "eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], 
"key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "NetWire"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "key": "\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\INTELLIFORMS\\STORAGE2", "value_name": null}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "key": "\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA FIREFOX", "value_name": null}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "key": "\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA FIREFOX\\20.0.1 (EN-US)\\MAIN", "value_name": null}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "key": "\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA THUNDERBIRD", "value_name": null}, {"hashes": ["eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "key": "\\SOFTWARE\\NETWIRE", "value_name": null}, {"hashes": ["7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "key": "\\SOFTWARE\\REMCOS_UAGFTAAWDGTKFLY", "value_name": "EXEpath"}, {"hashes": ["eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{4KUJJ476-38ES-RCMH-QGW0-22030L368G76}", "value_name": "StubPath"}, {"hashes": ["eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "key": "\\SOFTWARE\\NETWIRE", "value_name": "HostId"}, {"hashes": ["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570"], "key": "\\SOFTWARE\\REMCOS_MPGOQKDCERXZZVE", "value_name": "EXEpath"}, {"hashes": ["eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\ACTIVE SETUP\\INSTALLED COMPONENTS\\{4KUJJ476-38ES-RCMH-QGW0-22030L368G76}", "value_name": null}, {"hashes": 
["1dee5ba303986f17484fca28500b8899bbee36d86aa0f34021ec5d82519c9570"], "key": "\\SOFTWARE\\REMCOS_MPGOQKDCERXZZVE", "value_name": null}, {"hashes": ["7a7060976e2908d0202c7c318be3226718cc324db2976e5423eb71b3851bad31"], "key": "\\SOFTWARE\\REMCOS_UAGFTAAWDGTKFLY", "value_name": null}, {"hashes": ["eb66fd13ec27e7f664138728ee6bf978115d6160a71d033602abe339808d0286"], "key": "\\SOFTWARE\\NETWIRE", "value_name": "Install Date"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Registry Key Name"}, {"hashes": ["f38e2a051b230a0865272ec488130f9064f9953b9ceff87d71d51538f281ed17"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "9R-XJVJ00B"}]}, "reports_count": 28}, "Win.Dropper.Zeus-10011479-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "cd7727e61b2dbdbd0f9f346dd86f219485268be84348431c63e14fd00e23c0a5", "cd74c2ab3244618836b4e9dfb6e4c751003b2262325c0d580ea70ebf353f766e", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "d846e714d440c4ebf5be078ab98c48d28f235cbe315cf990bacecc13fc214d98", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "3e9402d4c401522c9f272174035ef73a6543b3a7f51e6f7678807e427acd1deb", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "182e47a72f0bef509026ffe4a99e2a55a3141b6a522418cec02306b8ec54ac22", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", 
"8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "cd7727e61b2dbdbd0f9f346dd86f219485268be84348431c63e14fd00e23c0a5", "cd74c2ab3244618836b4e9dfb6e4c751003b2262325c0d580ea70ebf353f766e", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "d846e714d440c4ebf5be078ab98c48d28f235cbe315cf990bacecc13fc214d98", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "3e9402d4c401522c9f272174035ef73a6543b3a7f51e6f7678807e427acd1deb", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "182e47a72f0bef509026ffe4a99e2a55a3141b6a522418cec02306b8ec54ac22", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "cd7727e61b2dbdbd0f9f346dd86f219485268be84348431c63e14fd00e23c0a5", "cd74c2ab3244618836b4e9dfb6e4c751003b2262325c0d580ea70ebf353f766e", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", 
"d846e714d440c4ebf5be078ab98c48d28f235cbe315cf990bacecc13fc214d98", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "3e9402d4c401522c9f272174035ef73a6543b3a7f51e6f7678807e427acd1deb", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "182e47a72f0bef509026ffe4a99e2a55a3141b6a522418cec02306b8ec54ac22", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "cd7727e61b2dbdbd0f9f346dd86f219485268be84348431c63e14fd00e23c0a5", "cd74c2ab3244618836b4e9dfb6e4c751003b2262325c0d580ea70ebf353f766e", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "d846e714d440c4ebf5be078ab98c48d28f235cbe315cf990bacecc13fc214d98", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "3e9402d4c401522c9f272174035ef73a6543b3a7f51e6f7678807e427acd1deb", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "182e47a72f0bef509026ffe4a99e2a55a3141b6a522418cec02306b8ec54ac22", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005", "TA0007", "T1027"]}, {"bi": "excessive-foreign-memory-modification", "hashes": 
["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "cd7727e61b2dbdbd0f9f346dd86f219485268be84348431c63e14fd00e23c0a5", "cd74c2ab3244618836b4e9dfb6e4c751003b2262325c0d580ea70ebf353f766e", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "d846e714d440c4ebf5be078ab98c48d28f235cbe315cf990bacecc13fc214d98", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "3e9402d4c401522c9f272174035ef73a6543b3a7f51e6f7678807e427acd1deb", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "182e47a72f0bef509026ffe4a99e2a55a3141b6a522418cec02306b8ec54ac22", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "cd7727e61b2dbdbd0f9f346dd86f219485268be84348431c63e14fd00e23c0a5", "cd74c2ab3244618836b4e9dfb6e4c751003b2262325c0d580ea70ebf353f766e", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "d846e714d440c4ebf5be078ab98c48d28f235cbe315cf990bacecc13fc214d98", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", 
"3e9402d4c401522c9f272174035ef73a6543b3a7f51e6f7678807e427acd1deb", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "182e47a72f0bef509026ffe4a99e2a55a3141b6a522418cec02306b8ec54ac22", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", 
"fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", 
"d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-known-trojan-av", "hashes": 
["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", 
"825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-key-modified", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "files-deleted-used-batch", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", 
"f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-execution", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "unsigned-roaming-execution", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", 
"a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", 
"1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", 
"d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-zeus-variant-av", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": 
["825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-communications-http-get", "hashes": ["825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": 
["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["cd7727e61b2dbdbd0f9f346dd86f219485268be84348431c63e14fd00e23c0a5", "cd74c2ab3244618836b4e9dfb6e4c751003b2262325c0d580ea70ebf353f766e", "d846e714d440c4ebf5be078ab98c48d28f235cbe315cf990bacecc13fc214d98", "3e9402d4c401522c9f272174035ef73a6543b3a7f51e6f7678807e427acd1deb", "182e47a72f0bef509026ffe4a99e2a55a3141b6a522418cec02306b8ec54ac22"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "http-response-client-error", "hashes": ["825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8"], "mitre_attack_tags": []}, {"bi": "html-form-post-action", "hashes": ["825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8"], "mitre_attack_tags": []}, {"bi": "html-email-form-to-php", "hashes": ["825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8"], "mitre_attack_tags": ["TA0001", "T1566"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, 
"Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zeus is a trojan that steals information such as banking credentials using methods such as key-logging and form-grabbing.", "hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "182e47a72f0bef509026ffe4a99e2a55a3141b6a522418cec02306b8ec54ac22", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "3e9402d4c401522c9f272174035ef73a6543b3a7f51e6f7678807e427acd1deb", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "cd74c2ab3244618836b4e9dfb6e4c751003b2262325c0d580ea70ebf353f766e", "cd7727e61b2dbdbd0f9f346dd86f219485268be84348431c63e14fd00e23c0a5", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "d846e714d440c4ebf5be078ab98c48d28f235cbe315cf990bacecc13fc214d98", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "iocs": {"domain": [{"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "host": "conntact[.]com"}, {"hashes": ["285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544"], "host": 
"cursodegnosis[.]net"}, {"hashes": ["825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8"], "host": "wildlife-galleries[.]co[.]uk"}, {"hashes": ["a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846"], "host": "www[.]tuguarenas[.]com"}, {"hashes": ["5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d"], "host": "tuoitredakrlap[.]net"}], "file": [{"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "path": "%TEMP%\\tmp.bat"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", 
"d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "path": "%APPDATA%\\"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "path": "%APPDATA%\\.exe"}, {"hashes": ["1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896"], "path": "%APPDATA%\\Agumaz\\ukuvt.oqd"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61"], "path": "%APPDATA%\\Rimuxy\\gaka.aku"}, {"hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544"], "path": "%APPDATA%\\Ukomim\\heyf.deg"}, {"hashes": ["8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "path": "%APPDATA%\\Izxi\\omly.eqe"}, {"hashes": ["32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f"], "path": "%APPDATA%\\Umudb\\odmok.evr"}, {"hashes": ["a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846"], "path": "%APPDATA%\\Avke\\egroo.agk"}, {"hashes": ["fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "path": "%APPDATA%\\Zaopy\\vemoe.ebk"}, {"hashes": 
["825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9"], "path": "%APPDATA%\\Onsuca\\goba.lyc"}, {"hashes": ["5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d"], "path": "%APPDATA%\\Toze\\avlo.pee"}, {"hashes": ["f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8"], "path": "%APPDATA%\\Ygol\\riyxd.apa"}, {"hashes": ["285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105"], "path": "%APPDATA%\\Dywib\\ysah.eki"}, {"hashes": ["d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828"], "path": "%APPDATA%\\Nyyryz\\muehe.avr"}], "ip": [{"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "ip": "34[.]98[.]99[.]30"}, {"hashes": ["825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8"], "ip": "109[.]203[.]118[.]16"}], "mutex": [{"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "182e47a72f0bef509026ffe4a99e2a55a3141b6a522418cec02306b8ec54ac22", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "3e9402d4c401522c9f272174035ef73a6543b3a7f51e6f7678807e427acd1deb", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "cd74c2ab3244618836b4e9dfb6e4c751003b2262325c0d580ea70ebf353f766e", 
"cd7727e61b2dbdbd0f9f346dd86f219485268be84348431c63e14fd00e23c0a5", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "d846e714d440c4ebf5be078ab98c48d28f235cbe315cf990bacecc13fc214d98", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "name": "85485515"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "name": "GLOBAL\\{}"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", 
"fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "name": "Local\\{}"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "name": "Local\\{224FD2A9-13F0-844B-01B4-47867CA2B270}"}], "registry": [{"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "key": "\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PRIVACY", "value_name": "CleanCookies"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", 
"a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", 
"a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", 
"a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f", "5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d", "825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "key": "\\Software\\Microsoft\\", "value_name": null}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61", "1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896", "8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3", "d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828", "fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{C45BAE81-6FD8-625F-01B4-47867CA2B270}"}, {"hashes": ["825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9", "f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8"], "key": 
"\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{2AD245C9-6C14-D117-E84E-F21650C846A7}"}, {"hashes": ["285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105", "84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{429DEFC0-AD95-8173-F328-FEDF80CD61A8}"}, {"hashes": ["1cc22b339677ca1f45d2cfde253948875a36f6ead95761d4cc00d4ec2d030896"], "key": "\\SOFTWARE\\MICROSOFT\\TAVIYR", "value_name": "Hyqafowo"}, {"hashes": ["0390a213c2f1e2044dc034ef69854250734d366b588e5ed56ccfd43d6e487c61"], "key": "\\SOFTWARE\\MICROSOFT\\DIAQ", "value_name": "Tufa"}, {"hashes": ["84644c5a5b0ac873fbcff8d088f1a86e285a8ece5bbd540108e1d4f275e85544"], "key": "\\SOFTWARE\\MICROSOFT\\EDVA", "value_name": "Ruudibnir"}, {"hashes": ["8f676a2f5fa319d6851f636276440eac7c792e25bc41ea3158111e8670a80ff3"], "key": "\\SOFTWARE\\MICROSOFT\\RAAMI", "value_name": "Oripxe"}, {"hashes": ["32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f"], "key": "\\SOFTWARE\\MICROSOFT\\HOOSS", "value_name": "Kuufture"}, {"hashes": ["32742ef7917d53a4b04ef1b926163b1c4671151228074cccc3d998b45cb6c92f"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{1B9B0642-9212-04C9-E76A-6689A279823D}"}, {"hashes": ["a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846"], "key": "\\SOFTWARE\\MICROSOFT\\EGNIB", "value_name": "Duvuoro"}, {"hashes": ["a44304a9afb8b2483bd187c11ee178f95bc157f4675b1fc3690b838dddffa846"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{82AFDD97-56B5-8180-6246-7EACFD9E3E11}"}, {"hashes": ["825d1887edc5ab4be8a488dddf3315778879c6c10a970e810ae96669ffd5dec9"], "key": "\\SOFTWARE\\MICROSOFT\\OTIH", "value_name": "Umuz"}, {"hashes": ["5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d"], "key": "\\SOFTWARE\\MICROSOFT\\LUSYQO", "value_name": "Ecpiogtoi"}, {"hashes": 
["fc0915f632bebb398389a039a278af638022bc23d9c725088d0abb4ff4485d7c"], "key": "\\SOFTWARE\\MICROSOFT\\UCRUU", "value_name": "Yxyqnupio"}, {"hashes": ["5f390a6125708cf8e7298e73b9e47ad77120052e0fcddf04be2d640120ee547d"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{4DDC5D3F-09DB-40C8-8BE7-793502F0E15B}"}, {"hashes": ["f5a105041be2e898ea346c48c4f63c5277aa11f7a07e63e01d0428d209942fe8"], "key": "\\SOFTWARE\\MICROSOFT\\OSYCR", "value_name": "Okgeta"}, {"hashes": ["285acd4d1368f8e0c43133996656d60ed5b121beca9368fb3fb93e6eb380c105"], "key": "\\SOFTWARE\\MICROSOFT\\WUENMU", "value_name": "Obyqupdot"}, {"hashes": ["d26420918252c8f6400f20514b4181f0b50876310652f3367b600768a4fa3828"], "key": "\\SOFTWARE\\MICROSOFT\\EQKURY", "value_name": "Itusri"}]}, "reports_count": 17}, "Win.Malware.Zusy-10010855-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", 
"891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", 
"2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", 
"c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", 
"70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": 
["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", 
"1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", 
"70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": ["TA0005"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", 
"4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", 
"17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-shared", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", 
"498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-vmprotect", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", 
"8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-tls-callback", "hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", 
"c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe\". When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", 
"70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e", "ca6cbe88ec7ea526bb62fcd482edaf329964cfcef23148d572cf3d0a0ce2ed83", "d86531a962955298db8ba331bde1a5da5c7420a5b283e4bdc18a1908ff88cca0", "e98a827354449012a89240df4af4d75d365261e0daace284ad2b4f3d7ed0830b", "f23f433c9f9c725611186e69dced1d5e9f4eb6bc25c0503a2c4e7a5515d94370", "f2ffd4c87a093b9c84f001111f60be09c3958461159695096a45b84eecad74d8"], "iocs": {"domain": [{"hashes": ["01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", 
"6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e"], "host": "bucket-ynote-online-cdn[.]note[.]youdao[.]com"}, {"hashes": ["01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02", 
"850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e"], "host": "note[.]youdao[.]com"}], "file": [{"hashes": ["01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", 
"95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e"], "path": "\\TEMP\\code.dll"}, {"hashes": ["63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba"], "path": "%TEMP%\\1063874369\\...."}, {"hashes": ["5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e"], "path": "%TEMP%\\1397711845"}, {"hashes": ["5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e"], "path": "%TEMP%\\1397711845\\...."}, {"hashes": ["6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61"], "path": "%TEMP%\\1397711751"}, {"hashes": ["6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61"], "path": "%TEMP%\\1397711751\\...."}, {"hashes": ["498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb"], "path": "%TEMP%\\1397709317"}, {"hashes": ["498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb"], "path": "%TEMP%\\1397709317\\...."}, {"hashes": ["03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c"], "path": "%TEMP%\\1397708319"}, {"hashes": ["03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c"], "path": "%TEMP%\\1397708319\\...."}, {"hashes": ["8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5"], "path": "%TEMP%\\1397712250"}, {"hashes": ["8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5"], "path": "%TEMP%\\1397712250\\...."}, {"hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c"], "path": "%TEMP%\\1397709348"}, {"hashes": ["bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c"], "path": "%TEMP%\\1397709348\\...."}, {"hashes": ["850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc"], "path": "%TEMP%\\1397711860"}, {"hashes": 
["850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc"], "path": "%TEMP%\\1397711860\\...."}, {"hashes": ["17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e"], "path": "%TEMP%\\1397712671"}, {"hashes": ["17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e"], "path": "%TEMP%\\1397712671\\...."}, {"hashes": ["c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e"], "path": "%TEMP%\\1397713139"}, {"hashes": ["c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e"], "path": "%TEMP%\\1397713139\\...."}, {"hashes": ["c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6"], "path": "%TEMP%\\1397713841"}, {"hashes": ["c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6"], "path": "%TEMP%\\1397713841\\...."}, {"hashes": ["3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6"], "path": "%TEMP%\\1397710409"}, {"hashes": ["3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6"], "path": "%TEMP%\\1397710409\\...."}, {"hashes": ["20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232"], "path": "%TEMP%\\1397712999"}, {"hashes": ["20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232"], "path": "%TEMP%\\1397712999\\...."}, {"hashes": ["2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0"], "path": "%TEMP%\\1397709863"}, {"hashes": ["2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0"], "path": "%TEMP%\\1397709863\\...."}, {"hashes": ["891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c"], "path": "%TEMP%\\1397711689"}, {"hashes": ["4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426"], "path": "%TEMP%\\1397713077"}, {"hashes": ["4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426"], "path": "%TEMP%\\1397713077\\...."}, {"hashes": ["448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9"], "path": "%TEMP%\\1397712625"}, {"hashes": 
["448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9"], "path": "%TEMP%\\1397712625\\...."}, {"hashes": ["891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c"], "path": "%TEMP%\\1397711689\\...."}, {"hashes": ["70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6"], "path": "%TEMP%\\1397711673"}, {"hashes": ["70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6"], "path": "%TEMP%\\1397711673\\...."}, {"hashes": ["c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3"], "path": "%TEMP%\\1397709770"}, {"hashes": ["c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3"], "path": "%TEMP%\\1397709770\\...."}, {"hashes": ["95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a"], "path": "%TEMP%\\1397711501"}, {"hashes": ["95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a"], "path": "%TEMP%\\1397711501\\...."}, {"hashes": ["1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a"], "path": "%TEMP%\\1397711158"}, {"hashes": ["1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a"], "path": "%TEMP%\\1397711158\\...."}, {"hashes": ["01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459"], "path": "%TEMP%\\1397710784"}, {"hashes": ["01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459"], "path": "%TEMP%\\1397710784\\...."}, {"hashes": ["70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "path": "%TEMP%\\1397710752"}, {"hashes": ["70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "path": "%TEMP%\\1397710752\\...."}, {"hashes": ["2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9"], "path": "%TEMP%\\1397711533"}, {"hashes": ["2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9"], "path": "%TEMP%\\1397711533\\...."}, {"hashes": ["263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3"], "path": "%TEMP%\\1397711221"}, {"hashes": 
["263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3"], "path": "%TEMP%\\1397711221\\...."}], "ip": [{"hashes": ["17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e", "1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232", "263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9", "448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb", "4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426", "6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c", "8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e"], "ip": "128[.]1[.]157[.]224/30"}, {"hashes": ["2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0", "3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6", "5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc"], "ip": "128[.]1[.]157[.]228"}, {"hashes": ["448580bb338636b13ebd5598cd2f24696e2564dda300eab9a85031cbfe162ff9", "95453ff31dc805f76874fcae507414318ac0240d226967590f18e83e8655012a", "bc4b18edbf2b6312980b9d11c28beb597dd92312d41c87962f0c7ee90959e66c", "c7a1bc66652638a4b2b00f4c6d4d9718380462ca8bfd94242ce085fe4410723e"], "ip": "61[.]170[.]77[.]234/31"}, {"hashes": 
["01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba", "c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6"], "ip": "128[.]1[.]157[.]230/31"}, {"hashes": ["01cc53c302446a2e15a7b7a7a74916f046b4fd33065ef243fbffacd95766d459", "70f6911ebc64c4fb1a25b9061a1eab4bc57b5fc0089c890f26df35f8da4cad02"], "ip": "222[.]73[.]33[.]209"}, {"hashes": ["6d3ea1979f85f2ac65808b445cc49b3b5e04110a162e4c315169a1c59c2c0b61", "850fcf9865a30e415515aa4efdc73d59dc1c59ab3df5621dcf36f6ad7c2f48bc"], "ip": "114[.]80[.]179[.]242"}, {"hashes": ["263ec38f95ec125a0f8b48b3a16159130084146fdc9431abc4d7d6142d1467b3", "891ced20003dfe6f9c105e727ecb87ab73cceb642d91c59451630d40441ad58c"], "ip": "61[.]170[.]81[.]250"}, {"hashes": ["03b6b1a6c120c70724a11b2d5b4831157829d07e61a372f066398d9be23ef55c", "63dcc1077304b8ff6d9a555d58cf3a4f9e0218a0246cf899897024815e951dba"], "ip": "101[.]226[.]26[.]134/31"}, {"hashes": ["1e6e6c9475dfd79ed14ca92d7ee9dbe0b0b431bc5217e80a1d193415b4ccaa3a", "2a491cde6070f6dd980d2e328d54e77cc35370e288e186c1f7c8f9f9209892b0"], "ip": "101[.]226[.]26[.]136/31"}, {"hashes": ["5496e6ac7968a49bac965aca651582ce874e594592206cad548f5ef353160f1e"], "ip": "61[.]170[.]77[.]230"}, {"hashes": ["c580ccfd7d6e8e5afed318f8aab2ea2798bf8886dfb247beb82d6242d29347e6"], "ip": "61[.]170[.]81[.]204"}, {"hashes": ["20d7a56937b58e204db62e45611b8a9146e95108b31fc0f5d92cbcc8ea387232"], "ip": "101[.]226[.]26[.]140"}, {"hashes": ["17e951cbe7d604bb2c3621c77237264c19f90a68d7c9c8024effda9c317e855e"], "ip": "114[.]80[.]179[.]215"}, {"hashes": ["498d707a42657c0b7ccfdc2def9d63f4d19c145461ed8964bcd0f1c26b3228eb"], "ip": "114[.]80[.]179[.]211"}, {"hashes": ["70cf7868355f4eacb0c97c210b7d976570764a43b02b79f9b1f659dd868350a6"], "ip": "61[.]170[.]77[.]229"}, {"hashes": ["c1113ed3080862ec70c245b72c1d2914e996dbf8fa847cb7208ffd412f8793a3"], "ip": "101[.]226[.]26[.]128"}, 
{"hashes": ["8f9fa23402495fdc9c068b2b2d3c6446f4ac94eb8bfc0d411e4f2f9dd8ff82f5"], "ip": "61[.]170[.]81[.]215"}, {"hashes": ["3ce95ed5e0819efbbd6442968b24c645942b2337f5ccbea435535d5d8e45a8c6"], "ip": "61[.]170[.]77[.]236"}, {"hashes": ["4ff2d0d278379eba9906ca0df0eb5a640985da45cd1ea7a4f8af1161f735b426"], "ip": "61[.]170[.]81[.]234"}, {"hashes": ["2b8a116b1809ed75ff2da6932d139166d2c12c0e8ea3e012fc297b0c70f44ab9"], "ip": "222[.]73[.]33[.]212"}], "mutex": [], "registry": []}, "reports_count": 25}, "Win.Packed.AgentTesla-10010785-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "f704722d897598af8c22bbca70c9edc3d6a69ca00568bf4150881be567ba52da", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "7ce409445bd96bdda132a6c97169dfd2dcf69c1e59a526b1a6882ed154e33185", "74e11cf2be6cd94f573a8121013c74cc93558aa8cde83780c4854d3ec3bdf1c6", "0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc", "36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", 
"62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "f704722d897598af8c22bbca70c9edc3d6a69ca00568bf4150881be567ba52da", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "7ce409445bd96bdda132a6c97169dfd2dcf69c1e59a526b1a6882ed154e33185", "74e11cf2be6cd94f573a8121013c74cc93558aa8cde83780c4854d3ec3bdf1c6", "0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc", "36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "f704722d897598af8c22bbca70c9edc3d6a69ca00568bf4150881be567ba52da", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "7ce409445bd96bdda132a6c97169dfd2dcf69c1e59a526b1a6882ed154e33185", "74e11cf2be6cd94f573a8121013c74cc93558aa8cde83780c4854d3ec3bdf1c6", "0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc", "36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", 
"a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "pe-header-linker-major", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "f704722d897598af8c22bbca70c9edc3d6a69ca00568bf4150881be567ba52da", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "7ce409445bd96bdda132a6c97169dfd2dcf69c1e59a526b1a6882ed154e33185", "74e11cf2be6cd94f573a8121013c74cc93558aa8cde83780c4854d3ec3bdf1c6", "0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc", "36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-future", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "f704722d897598af8c22bbca70c9edc3d6a69ca00568bf4150881be567ba52da", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "7ce409445bd96bdda132a6c97169dfd2dcf69c1e59a526b1a6882ed154e33185", "74e11cf2be6cd94f573a8121013c74cc93558aa8cde83780c4854d3ec3bdf1c6", 
"0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc", "36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc", "36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "7ce409445bd96bdda132a6c97169dfd2dcf69c1e59a526b1a6882ed154e33185", 
"36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "7ce409445bd96bdda132a6c97169dfd2dcf69c1e59a526b1a6882ed154e33185", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "7ce409445bd96bdda132a6c97169dfd2dcf69c1e59a526b1a6882ed154e33185", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", 
"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", 
"488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-dynamic-domain", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0011", "T1568"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", 
"488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "network-http-blank-user-agent", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", 
"3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "artifact-exec-extension-obfuscation", "hashes": 
["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-sandbox", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "network-fast-flux-domain", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-malware", "hashes": 
["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-agent-tesla-detected", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0009", "TA0006", "T1123", "T1125", "T1056"]}, {"bi": "malware-agent-tesla-av-detected", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", 
"a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "network-opendns-malicious", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "mitre_attack_tags": []}, {"bi": "network-dns-category-phishing", "hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "artifact-pe-no-name", "hashes": ["6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cmd-exe-file-execution", "hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "files-created-batch", 
"hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-taskkill", "hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "network-telegram-domain-detected", "hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "pe-encrypted-section", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-invalid-checksum", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "malware-nanocore-artifact-detected", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "schtask-forcefully-created", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "modified-file-in-program-dir", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], 
"mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": ["TA0005", "T1553"]}, {"bi": "process-check-zone-identifier", "hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "mitre_attack_tags": ["TA0007", "TA0005", "T1518", "T1553"]}, {"bi": "deleted-submitted-file", "hashes": ["5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-suspicious-public-ip", "hashes": ["5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f"], "mitre_attack_tags": ["TA0005", "TA0007"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "AgentTesla is a remote access trojan that records keystrokes and attempts to steal sensitive information from web browsers and other installed applications.", "hashes": ["00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51", "36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0", 
"3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881", "74e11cf2be6cd94f573a8121013c74cc93558aa8cde83780c4854d3ec3bdf1c6", "7ce409445bd96bdda132a6c97169dfd2dcf69c1e59a526b1a6882ed154e33185", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8", "f704722d897598af8c22bbca70c9edc3d6a69ca00568bf4150881be567ba52da"], "iocs": {"domain": [{"hashes": ["00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "host": "checkip[.]dyndns[.]org"}, {"hashes": ["00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95"], "host": "dispatchweekly[.]com"}, {"hashes": ["0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82"], "host": "kenesrakishev[.]net"}, 
{"hashes": ["5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "host": "rakishev[.]net"}, {"hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "host": "raw[.]githubusercontent[.]com"}, {"hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "host": "api[.]telegram[.]org"}], "file": [{"hashes": ["00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "path": "%APPDATA%\\ScreenShot"}, {"hashes": ["00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "path": "%APPDATA%\\ScreenShot\\screen.jpeg"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%ProgramFiles(x86)%\\AGP 
Manager\\agpmgr.exe"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\task.dat"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%System32%\\Tasks\\AGP Manager"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%System32%\\Tasks\\AGP Manager Task"}, {"hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "path": "\\TEMP\\DotNetZip.dll"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%TEMP%\\tmp791.tmp"}, {"hashes": ["00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26"], "path": "%APPDATA%\\Adobe\\R.exe"}, {"hashes": ["488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82"], "path": "%TEMP%\\V8.exe"}, {"hashes": ["62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784"], "path": "%APPDATA%\\Adobe\\2.exe"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "path": "%APPDATA%\\Adobe\\.exe"}, {"hashes": ["5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f"], "path": "%APPDATA%\\audddd"}, {"hashes": ["a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95"], "path": "%ProgramData%\\Application Data\\GL.exe"}, {"hashes": 
["3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60"], "path": "%ProgramData%\\Start Menu\\9H6RQHZI64J.exe"}, {"hashes": ["3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60"], "path": "%ProgramData%\\Microsoft\\Windows\\Start Menu\\9H6RQHZI64J.exe"}, {"hashes": ["a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95"], "path": "%ProgramData%\\GL.exe"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%APPDATA%\\Identities\\OIX.exe"}, {"hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "path": "%LOCALAPPDATA%\\7a5d2bcb028d0c29c6ab36d358820c4b"}, {"hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "path": "%TEMP%\\tmp6D17.tmp"}, {"hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "path": "%TEMP%\\tmp6D17.tmp.bat"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "path": "%TEMP%\\tmpF5F.tmp"}, {"hashes": ["1c95a9e24ef743ee2bd1ce1e8362ecfe500ec095812bd1a43db9e93370006e51"], "path": "%TEMP%\\TCD3B8F.tmp\\LSM9BO6QP7A4UO.exe"}, {"hashes": ["a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "path": "%ProgramData%\\74DM6.exe"}, {"hashes": ["7ce409445bd96bdda132a6c97169dfd2dcf69c1e59a526b1a6882ed154e33185"], "path": "%ProgramData%\\Mozilla\\GC06PAT37.exe"}, {"hashes": ["0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844"], "path": "%TEMP%\\WV62LAHUHVDTWL.exe"}, {"hashes": ["6b28372c408fbc0dc427b6f62aef80fd79df3d1db0c55da22468a4af442f2881"], "path": "%TEMP%\\18794720-3BC1-41B4-ACD8-1B0A8DB1EC57\\.exe"}], "ip": [{"hashes": ["0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "ip": "193[.]122[.]130[.]0"}, {"hashes": 
["0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "ip": "132[.]226[.]8[.]169"}, {"hashes": ["00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95"], "ip": "193[.]122[.]6[.]168"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95"], "ip": "172[.]67[.]69[.]96"}, {"hashes": ["0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82"], "ip": "162[.]213[.]251[.]134"}, {"hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "ip": "149[.]154[.]167[.]220"}, {"hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "ip": "185[.]199[.]111[.]133"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "ip": "45[.]67[.]228[.]51"}, {"hashes": ["5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f"], "ip": "158[.]101[.]44[.]242"}, {"hashes": ["3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60"], "ip": "104[.]26[.]10[.]89"}, {"hashes": ["00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26"], "ip": "104[.]26[.]11[.]89"}, {"hashes": ["5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f"], "ip": "172[.]67[.]150[.]79"}, {"hashes": ["a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "ip": "89[.]47[.]1[.]10"}], "mutex": [{"hashes": ["0dc49cff6bbb27af37cb8e199f8f4122fcedf647955660d980c9944e3b58d7fc"], "name": "HMYAYDAVR5GSQKT8N5DJ"}, 
{"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "name": "Global\\{691d653b-e3fd-4576-a193-64407d29eeee}"}], "registry": [{"hashes": ["00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "key": "\\SOFTWARE\\MICROSOFT\\MULTIMEDIA\\DRAWDIB", "value_name": null}, {"hashes": ["00515fe91a6b40d5c5ae851cb18d31c675ff38901edd352b3e6379087d5f2b26", "0e2e87be4f630eca53dc753711ccffd41f771e2fd9ce446a7491674329209844", "3e49fe819025e4a6e061584f1a596f535d8c7dae935a079121ef19e0c11b3e60", "488c73c88c1aeeede951446e63b9f0fced2a913f1610fc0e71ae0ab1aa826b82", "5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f", "610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540", "62904bd3def9671a1352f9cbc0d36e1981663bbd954c2f42e1e88460517d8784", "a1220eb6311115d3a4a6cbf77665fb444a54f9d715ee0e5c9651459222118c95", "a7d7f71dd797380ee843dd5ccd9d73b898b9d8eaf25dfa8dc7be66e2c36f83a8"], "key": "\\SOFTWARE\\MICROSOFT\\MULTIMEDIA\\DRAWDIB", "value_name": " 1152x864x32(BGR 0)"}, {"hashes": ["36d939859128fd7a891258579fafa9b522ca637202b292f05acc8ee47dfd20a0"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASAPI32", "value_name": "EnableFileTracing"}, {"hashes": 
["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASAPI32", "value_name": "EnableConsoleTracing"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASAPI32", "value_name": "FileTracingMask"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASAPI32", "value_name": "ConsoleTracingMask"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASAPI32", "value_name": "MaxFileSize"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASAPI32", "value_name": "FileDirectory"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASMANCS", "value_name": "EnableFileTracing"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASMANCS", "value_name": "EnableConsoleTracing"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASMANCS", "value_name": "FileTracingMask"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASMANCS", "value_name": "ConsoleTracingMask"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASMANCS", "value_name": "MaxFileSize"}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASMANCS", "value_name": "FileDirectory"}, {"hashes": 
["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASAPI32", "value_name": null}, {"hashes": ["610f1d2a16f1511223b1a969ef53a772ccb2ead1fea79cf3d67eb3faf06de540"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\TRACING\\_RASMANCS", "value_name": null}, {"hashes": ["5498127f11928bb91062949e7f2d2a140164036490563db5fcfb85c29e4d3e1f"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MyOtApp"}]}, "reports_count": 16}, "Win.Packed.CoinMiner-10011305-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", 
"3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", 
"120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", 
"6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", 
"c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", 
"4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", 
"3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", 
"120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", 
"0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-certificate", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], 
"mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", 
"0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-dns-category-cryptomining", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "network-snort-pua", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", 
"3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "malware-trojan-coinminer-detected", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", 
"120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-malware", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "cryptonight-library-detected", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", 
"0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "pe-imports-exe", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, 
{"bi": "feed-domain-dll-hijacking", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "malware-pe-stratum-coinminer", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", 
"0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": []}, {"bi": "artifact-vulnerable-driver-dropped", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1574"]}, {"bi": "pe-invalid-checksum", "hashes": ["ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", 
"3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "This malware installs and executes cryptocurrency-mining software.", "hashes": ["0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", 
"6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091"], "iocs": {"domain": [{"hashes": ["0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091"], "host": "pool[.]hashvault[.]pro"}], "file": [{"hashes": ["0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", 
"2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091"], "path": "%APPDATA%\\Google"}, {"hashes": ["0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01", 
"e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091"], "path": "%APPDATA%\\Google\\Libs"}, {"hashes": ["0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091"], "path": "%APPDATA%\\Google\\Libs\\WR64.sys"}, {"hashes": ["0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", 
"4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091"], "path": "%TEMP%\\qdorobglftsq.tmp"}], "ip": [{"hashes": ["0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4"], "ip": "142[.]202[.]242[.]45"}, {"hashes": ["28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01", "ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091"], "ip": "142[.]202[.]242[.]43"}], "mutex": [{"hashes": ["0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", 
"0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", "74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091"], "name": "atwimjbzqckrcqbp"}, {"hashes": ["0418cdb7929843bb178117edceb2da83d7e5b2324102160d89b0501a2f98bbfd", "0b2543ca8927a890090c75074661192b96c9ab16470663c54208fa98451e84b0", "120fa170b822961e74e598032928a50923cb13eb47e681f10c902c7a9b3037a9", "28c0c623b2c1ae88989303038fd8deb1a2f70e5915e309a4bfc49d98b7eec7d8", "2effdfaaf496f107e15a40d407b340a3ef1412eaf25c8964fbdf95745f81d6a4", "3c10a8c8a245a127c01ff4ff0fa2e5efe4fc593590b91ca6db614520a027c7bc", "425786ded081d2aef6df029bfa8081d55a6d1d779227de39e0a183beced35fc6", "48b81bf6601875a79bc51a940d1f8c52e1992d02a4c82ae9918ca9caf165e962", "4bab91437f57be24381b09d84ff6e0f8559dd9c763d8b91f4b3658d5b8fbccb8", "52ed438206b7d7b070a9a1cafb1a58e4bde9ba6ab38771713474274bdc425feb", "6ae0bd1945da4b746106d6c2f925c078fc434d7f8ab7d392ba5370f32dc02dc2", "70f4b38d9bb380303df03ca055f4af62d784e649fc556c3d9d7c61a365eb3921", 
"74e111ece66a5e72d0d2c6e208d2e4276f1e5e2d2b15dae3d7dfcda4ca629535", "82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966", "c5dc5e4924756efe46e5d66975f56ea421c41a49a0f7b70d8198f6f9d2648e01", "e78054bcf5b78d34eb871767647f180336157fac21a774b8a31f7f6dc37c21f4", "ee02b883db69d9401fb465800719963a5fdec877690d2cb4864a15c03bda4091"], "name": "Global\\atwimjbzqckrcqbp"}], "registry": [{"hashes": ["82ccec7113295fe5ddc9eebbd5330ce9c4bce472018ef5a62980722644cd5966"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\STARTPAGE", "value_name": "StartMenu_Balloon_Time"}]}, "reports_count": 17}, "Win.Trojan.Tofsee-10010766-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["c3020144db0b8288140b7f88d5909851b1aacaa3df70f8f3f2c81cae76fd7e85", "c1f292d936e613e673ff96354e9f0a1e984a02996e6d92ac18291f6f310c739a", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": 
["c3020144db0b8288140b7f88d5909851b1aacaa3df70f8f3f2c81cae76fd7e85", "c1f292d936e613e673ff96354e9f0a1e984a02996e6d92ac18291f6f310c739a", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["c3020144db0b8288140b7f88d5909851b1aacaa3df70f8f3f2c81cae76fd7e85", "c1f292d936e613e673ff96354e9f0a1e984a02996e6d92ac18291f6f310c739a", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", 
"57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c3020144db0b8288140b7f88d5909851b1aacaa3df70f8f3f2c81cae76fd7e85", "c1f292d936e613e673ff96354e9f0a1e984a02996e6d92ac18291f6f310c739a", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", 
"42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "modified-executable", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", 
"cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", 
"da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, 
{"bi": "currentcontrolset-service-added", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "nginx-webserver-detected", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", 
"fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", 
"dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", 
"ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-dns-category-file-storage", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", 
"57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "sc-service-start", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", 
"6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", 
"f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "sc-service-create", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", 
"88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "sc-service-create-execute", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", 
"da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", 
"88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", 
"6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", 
"5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005"]}, {"bi": "listening-port-opened", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", 
"0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", 
"57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", 
"5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-generic", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", 
"0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", 
"57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "suspicious-user-agent", "hashes": ["da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], 
"mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-file-uploaded", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", 
"57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-snort-server", "hashes": ["88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["c3020144db0b8288140b7f88d5909851b1aacaa3df70f8f3f2c81cae76fd7e85", "c1f292d936e613e673ff96354e9f0a1e984a02996e6d92ac18291f6f310c739a", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["c3020144db0b8288140b7f88d5909851b1aacaa3df70f8f3f2c81cae76fd7e85", "c1f292d936e613e673ff96354e9f0a1e984a02996e6d92ac18291f6f310c739a", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["c3020144db0b8288140b7f88d5909851b1aacaa3df70f8f3f2c81cae76fd7e85", "c1f292d936e613e673ff96354e9f0a1e984a02996e6d92ac18291f6f310c739a", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-dns-safe-categories", "hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], 
"mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "mitre_attack_tags": []}, {"bi": "http-response-server-error", "hashes": ["fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["c1f292d936e613e673ff96354e9f0a1e984a02996e6d92ac18291f6f310c739a"], "mitre_attack_tags": []}, {"bi": "network-dns-category-webspam", "hashes": ["da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-indicator-shellcode", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": []}, {"bi": "network-downloaded-executable", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-file-exe", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": []}, {"bi": "network-snort-file-generic", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "firefox-cookie-read", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0009", 
"T1005", "T1119"]}, {"bi": "pe-certificate", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialsp", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "url-forced-download-save-only", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "malware-generic-infostealer", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-cryptocurrency-information", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "network-snort-upload-to-webserver", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0010", "T1020"]}, {"bi": "process-created-sqlite-wal-log-files", "hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "mitre_attack_tags": ["TA0009", "T1005"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "http-response-redirect", "hashes": ["fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "mitre_attack_tags": []}, {"bi": 
"netbios-query", "hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "double-url-detected", "hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "html-noscript-redirect", "hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "mitre_attack_tags": ["TA0001", "T1189"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "c1f292d936e613e673ff96354e9f0a1e984a02996e6d92ac18291f6f310c739a", "c3020144db0b8288140b7f88d5909851b1aacaa3df70f8f3f2c81cae76fd7e85", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", 
"dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "iocs": {"domain": [{"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "249[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", 
"dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "www[.]google[.]com"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "vanaheim[.]cn"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", 
"fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "249[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "249[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "249[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", 
"6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "249[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "249[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", 
"dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "microsoft[.]com"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "i[.]instagram[.]com"}, {"hashes": ["6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", 
"fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "www[.]google[.]es"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "t[.]me"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "steamcommunity[.]com"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "api[.]steampowered[.]com"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", 
"dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "www[.]instagram[.]com"}, {"hashes": ["6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "host": "api[.]vk[.]com"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "www[.]amazon[.]co[.]uk"}, {"hashes": ["ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "www[.]evernote[.]com"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "host": "ok[.]ru"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "www[.]google[.]fr"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "host": "www[.]tiktok[.]com"}, {"hashes": 
["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "imap[.]rambler[.]ru"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "host": "www[.]yahoo[.]com"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "www[.]google[.]com[.]au"}, {"hashes": ["ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "host": "www[.]google[.]co[.]nz"}, {"hashes": ["ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "host": "id[.]rambler[.]ru"}, {"hashes": ["da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "static[.]cdninstagram[.]com"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258"], "host": "identity[.]bitwarden[.]com"}, {"hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405"], "host": "rapiddispatchllc[.]com"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "whugesto[.]net"}, {"hashes": ["fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "host": "aspiringcreativesolutions[.]co[.]za"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "haunigre[.]net"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "get[.]hundredpercentmargin[.]com"}, {"hashes": 
["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "statistic-data[.]com"}, {"hashes": ["fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "host": "wordpressthemes[.]sajidztech[.]com"}, {"hashes": ["da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d"], "host": "ww8[.]anyanime[.]com"}, {"hashes": ["da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d"], "host": "deloplen[.]com"}, {"hashes": ["fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "host": "delafab[.]com"}, {"hashes": ["fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "host": "pay[.]sasbtopup[.]com"}, {"hashes": ["fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "dittaind[.]com"}, {"hashes": ["88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a"], "host": "coloroctopusdesign[.]com"}, {"hashes": ["fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "host": "kobbsmedia[.]com"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "lovetopost[.]name"}, {"hashes": ["f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "host": "compudani[.]com"}, {"hashes": ["fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "host": "nuaodisha[.]com"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "watch[.]cricstream[.]me"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f"], "host": "eppsl[.]com"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "www[.]animestc[.]net"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "host": "blogsmflix[.]xyz"}], "file": [{"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", 
"57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "path": "%SystemRoot%\\SysWOW64\\"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "path": "%TEMP%\\.exe"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", 
"6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\sqlite3.dll"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\freebl3.dll"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\mozglue.dll"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\msvcp140.dll"}, {"hashes": 
["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\nss3.dll"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\softokn3.dll"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\vcruntime140.dll"}, {"hashes": ["5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "path": "%TEMP%\\lualjyq.exe"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\1T95Ye0aeftg"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\1T95Ye0aeftg-shm"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\1T95Ye0aeftg-wal"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\7th8d2Q2U980"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "path": "%HOMEPATH%\\AppData\\LocalLow\\EZi3W6aEj1e5"}], "ip": [{"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", 
"f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "176[.]113[.]115[.]136"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "80[.]66[.]75[.]4"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", 
"f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "176[.]113[.]115[.]135"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "45[.]143[.]201[.]238"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", 
"f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "62[.]122[.]184[.]92"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "176[.]113[.]115[.]84/31"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", 
"f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "62[.]122[.]184[.]58"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "193[.]106[.]174[.]220"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "142[.]250[.]80[.]68"}, {"hashes": 
["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "31[.]13[.]65[.]52"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "149[.]154[.]167[.]99"}, {"hashes": ["6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "142[.]250[.]65[.]227"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", 
"f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "93[.]115[.]25[.]49"}, {"hashes": ["5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "93[.]115[.]25[.]73"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "31[.]13[.]65[.]174"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "142[.]250[.]80[.]67"}, {"hashes": ["da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "93[.]115[.]25[.]13"}, {"hashes": ["6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", 
"dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "93[.]115[.]25[.]10"}, {"hashes": ["5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "ip": "20[.]231[.]239[.]246"}, {"hashes": ["da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "93[.]115[.]25[.]110"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "23[.]200[.]98[.]58"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "104[.]75[.]113[.]100"}, {"hashes": ["ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "34[.]120[.]241[.]214"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", 
"88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "34[.]117[.]59[.]81"}, {"hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "ip": "142[.]250[.]74[.]68"}, {"hashes": ["ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "40[.]93[.]207[.]7"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "20[.]236[.]44[.]162"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "13[.]225[.]215[.]61"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "ip": "66[.]218[.]84[.]137"}, {"hashes": ["6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "ip": "81[.]19[.]78[.]88"}, {"hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "ip": "81[.]19[.]77[.]170"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", 
"5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "ip": "142[.]250[.]72[.]100"}, {"hashes": ["ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "ip": "142[.]251[.]32[.]99"}, {"hashes": ["61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b"], "ip": "142[.]250[.]65[.]196"}, {"hashes": ["f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "ip": "142[.]251[.]41[.]3"}, {"hashes": ["da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "157[.]240[.]241[.]63"}, {"hashes": ["ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "ip": "104[.]124[.]156[.]199"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b"], "ip": "52[.]101[.]40[.]26"}, {"hashes": ["6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "ip": "217[.]20[.]147[.]1"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "217[.]20[.]155[.]13"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "ip": "87[.]240[.]137[.]206/31"}, {"hashes": ["da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "139[.]45[.]197[.]238/31"}, {"hashes": ["f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", 
"fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca"], "ip": "173[.]223[.]163[.]216/31"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "104[.]21[.]23[.]231"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "139[.]45[.]197[.]246"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "34[.]90[.]81[.]51"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "3[.]93[.]251[.]206"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "45[.]178[.]5[.]195"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "ip": "172[.]67[.]177[.]159"}], "mutex": [{"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "name": "SlimeLoveAllTheTime"}, {"hashes": ["42b2cb14dd123186b342a9b6e7f4602e8a3e6be4464aa224f50623307b027edc"], "name": "Global\\439f74e1-67b1-11ee-9660-001517b0163a"}, {"hashes": ["c1f292d936e613e673ff96354e9f0a1e984a02996e6d92ac18291f6f310c739a"], "name": "Global\\1352bd61-6914-11ee-9660-0015174ac6a1"}, {"hashes": ["c3020144db0b8288140b7f88d5909851b1aacaa3df70f8f3f2c81cae76fd7e85"], "name": "Global\\15b95d21-6914-11ee-9660-0015175f9dd6"}], "registry": [{"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", 
"da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": null}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "Type"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", 
"cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "Start"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "ErrorControl"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", 
"ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "DisplayName"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "WOW64"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", 
"6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "ObjectName"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "61dba3ac0001f7af924d4a228306e0cd3749445ba368a77b22ba9f30f98f0379", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fa569fdde5a4dcc5ca5636c8cd1294d57ab7096dddfc698be744fbeb0a70b7ca", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "ImagePath"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", 
"57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "da2a7c7a129426bcfab067d91f27467ebcde5996db5fe6e69c8418aff9e0345d", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "Description"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", 
"ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", "fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e", "5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac", "57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f", "6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258", "88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a", "ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2", "b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b", "cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405", "dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118", "f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc", 
"fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["57d3bf38fe4fed3bc50773533d46358be48c5e81384e380ae488b91f67e8873f"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\isupldcy"}, {"hashes": ["5526ee913fc27725e10272fcc696ab0c7178db48dced8a9928358fb8e11b49ac"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\vfhcyqpl"}, {"hashes": ["0c018ba0c0b75323b87ec3f55c6ed7302549b56e1ebd5b7c70c8a33fc6c5a65e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\mwytphgc"}, {"hashes": ["cc961cfe772710958620932d215481c71a931d50d5bd520a947796a1646d9405"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\fprmiazv"}, {"hashes": ["88d59c2c9d8b4ff76d08e057d226530f5cee5abd564267656f1a1a5a6002521a"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\jtvqmedz"}, {"hashes": ["fc7ca972d18acc6d5ed9c6efa7004c66902fb8d19c00d2d1fc2bed4dcad30a1a"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\gqsnjbaw"}, {"hashes": ["b25f931f36baf4661f2bef5bab7eaf46f159757dd6f874d98ba96f8edacccd3b"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\tdfawonj"}, {"hashes": ["dc548cbbab081ed14e4805259afe55185717aa611eea409b480105f8addfa118"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\xhjeasrn"}, {"hashes": ["ad160e7bddf415b5b3ecf4c951f5d0a7e53bf3434f7b8c50713ba110f49002f2"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\blniewvr"}, {"hashes": 
["f49986695c72d2307fb1ae3cc76fe29798a6e843bc0d0240af3c83c60da1f7cc"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\lvxsogfb"}, {"hashes": ["6f1b7a7f4cdf4cd4263bcfa854cbf6eceb044439ffb183487458361d473db258"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\uegbxpok"}]}, "reports_count": 17}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-10-20T14:13:26+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.Zeus-10011479-0", "Win.Downloader.Upatre-10011416-0", "Win.Packed.CoinMiner-10011305-1", "Win.Dropper.Remcos-10011195-0", "Win.Malware.Zusy-10010855-0", "Win.Packed.AgentTesla-10010785-1", "Win.Trojan.Tofsee-10010766-0", "Win.Dropper.Glupteba-10010808-0", "Win.Dropper.Nanocore-10011208-0", "Win.Dropper.DarkComet-10011490-1"]}