{"Doc.Malware.Valyria-10013349-0": {"bis": [{"bi": "vba-document-open", "hashes": ["28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "document-contains-vba-macro", "hashes": ["28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47"], "mitre_attack_tags": ["TA0002", "TA0001", "T1559", "T1566"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "vba-document-calls-shell", "hashes": ["28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "vba-document-uses-base64", "hashes": ["28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "vba-document-uses-environ", "hashes": ["28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "These variants of Valyria are malicious Microsoft Word documents that contain embedded VBA macros used to distribute other malware. ", "hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "iocs": {"domain": [], "file": [{"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\~WRD0000.doc"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4"], "path": "%TEMP%\\tst69.tmp"}, {"hashes": ["4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4"], "path": "%TEMP%\\tstF7.tmp"}], "ip": [], "mutex": [{"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "name": "Local\\10MU_ACB10_S-1-5-5-0-67863"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "name": "Local\\10MU_ACBPIDS_S-1-5-5-0-67863"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "name": "Local\\WinSpl64To32Mutex_10960_0_3000"}], "registry": [{"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Name"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Path"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Extensions"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Name"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Path"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Extensions"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Name"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Path"}, {"hashes": ["000b51af496336d202cf40f4b0afa91ab678962705825d49d53454915b0fd651", "1bbf337f74ddfc46c865bc1d0fab402ce75f7687a1081d791f89e3b97633038f", "20cb7b1e4c59f6c9308d8a079fbf898b44222ec909ded047696261a849eeb033", "28716226e1413862e88614d499c19a2d3b7ac8d3b2e0321a688ddf19af549056", "4b4f60d8f108aca734d102581e253f16abed5e506b8cb51801f9b36b5ab0d8c4", "776fbfaef493c436c8f7ea4f025e587734f48f67c7d5ad660275f4e40fcc6b47", "79ae3f16462f7e32ad2e8a45f79f166a2321c78c16564af8ee36f32cf616ce4e", "97f82ae47b756502c4db71811843856efce5c449e0bba48178b9c27d1f98f987", "b83f2a183484e660d3b5b4399c7069f62a7b9b22b4461bf2961633c03cd3f944", "c89c5bcd3a3a85c6b80005f47998b8cffbf08565c63f5805f3fb187c0b4c2c0b", "d21913c6b3fd6e35c7c8346f336cd9b373babbbdbfcdc61e48a9f3360218542f", "d665edff65709c124fc043bb61747a3a17e85bf6ed0ba666eca66dd02f5dec40", "d74f29c45c88422bd8ec3d11b660677adb0eb8dfafb6dfc1d685ddf2cfe5fa54"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Extensions"}]}, "reports_count": 13}, "Win.Downloader.Upatre-10013406-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["a5902e5eb4b19d84a02a1f302e97929554783bec043dd2ea619f41d4eb01a38f", "d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "malware-upatre-detected", "hashes": ["a5902e5eb4b19d84a02a1f302e97929554783bec043dd2ea619f41d4eb01a38f", "d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a5902e5eb4b19d84a02a1f302e97929554783bec043dd2ea619f41d4eb01a38f", "d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["a5902e5eb4b19d84a02a1f302e97929554783bec043dd2ea619f41d4eb01a38f", "d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["a5902e5eb4b19d84a02a1f302e97929554783bec043dd2ea619f41d4eb01a38f", "d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-uses-fasm", "hashes": ["a5902e5eb4b19d84a02a1f302e97929554783bec043dd2ea619f41d4eb01a38f", "d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "artifact-windows-task", "hashes": ["a5902e5eb4b19d84a02a1f302e97929554783bec043dd2ea619f41d4eb01a38f"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}], "category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "2e3b44e8ef2691ae6e153db72597868dfe7040dbd7e59d56adb8d758813c2f43", "2ef86c8975a33e705491c9029f3bf1a6ac1c3e73c4d4b9ad5d639611f9e777c3", "32ef450b32c036f405817c0d366ae60b7613aefc71ab9db1759980c21b19a2aa", "3476bbb8c6eebbb5c7c2d751dda6be68dbd8191fb99fef9c60f96ebd8080fa13", "3509ca07286c32140a2c419ba60f924204e5931ccf27871e22e9551c7f48677a", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "3b1893d41649c23593b35bba213a3ce30d13acba1fcbcfa2d0eada1b9abb807e", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "3ba7beaf861e9742fd171863dd5fb303869ae97b8e760097f8358cbb71e78ec5", "3f666b76226030b960d62e7414eb99c29a0f187da89c7d31b02b67cafe36b061", "3f8180b158120785d792d0498b4af8034fde85353ccf2ae61187387065a67103", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "40f9264d13620dacbdcc10f48a1ce9fde0ee5c5f3d660409f742273f75c1f135", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "47484328154e0d9ea2f32e9bde3a7cde512b6e77b7f16b45e526434bb54510b5", "4ada0905304bf3723a4a7c42246c46b18afce7cc8dcdba9f38dd940e4f05acd1", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "51727c06269490c20e4cd8582d79ab44dfb2ebb8f45f5789580433be80b4e07f", "55dc027f546f1bfbb344ee3739b9141bbc923fb499e7f6ce4bfcea5c3f333db5", "5841b84c979ee1e567c02dfbf8d06472ce8b2277b963da55430879aaa282a597", "5ed48640e93a793e0d08c21d7609fed91b42034f95e1257cec64225f7bae7027", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "67f2fb6754783b46f7961638031d15ebef6033531e725087bf834557fb04c505", "68850810bb3ea795bba795b8bb5b7a38064d053764d20c1dc03d2d5af54448ca", "696c281c6cd4ebcb562c37dbc749ed7612f53619b37b60fe3c796d93c3e23bf4", "6c6a395fd9b3a84d55e00e24bed3f5d81fec9f928e33813afac9cd967525f02c", "6f9bc532b329d48fcbe23b145083365206b3bf18bae4e89d2501105d91616137", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "72f1dc28e8a3519a431b1866a3cb8331c9437cffd4b265147a10f52ff66cfd57", "73bc987c26ace43bfd497110dd8047c7c8d9801db7b870970c559b497639fca3", "73cf40cd65f278ec3ebb7403031f795bce1e106b1ff9a27d368deaec0621eab7", "74fbafeaff97e4d0a10e93a9771c67dc2c2b5b3e9f19dfedf055e424c970bfc1", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "7746fd373358d2f306e7af9fec743f245521774d551ec810019d64264ad11506", "78fd6882fba4505842f66c20ea679a1507a954f7aa7d6286173f2d5aa62116c3", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "7c7c054224f4bb17903457888b03a131c4aba112cb5a7d679f406e6c380bf44b", "7cca6809bfd1b1215ee27a429d94526574da8397c44db651f505f0182a9e8945", "7dcbf2e1f1de3c502f05e6f6ecd0ef14ffb92844d8aabd8352641a11a650e5bc", "7f21168deb7a767375e24c044e7a72a4e64a9920268fbe44461733821300c6c0", "8079dad665737caad058a294df4557f1c1af9ffb19ecd6605780ba013bb9838f", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "848f88bb8bf2a877fdccefdf4dacc3403557e5a53ea1cc0fd662367a8cd53a06", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "86d3d5d5e58ee8e8b40384ebc42ab34c2227486d09d18fc3d451ecec6947475f", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "8b7b2707e620ea715bdd562b05d4959ea9d48884601d8ed6fda3b41736dda749", "8f66059c36eae74d9630860c5cc06f9a855283e2ef799872710d77200641f560", "91dea50c95e345e00134a8f2cda8e8a988497c7f76f749ae4a4edd575392df97", "94b1504a1a5238ceed5d3ba4664a63a20ce0432556614ccfb71cbd5331dfb3d2", "96020772f192c0dd8b4316985959f54628b1454729bd21db51cff9ea4b063781", "99a60b3d7387b2f862463d2ecf83168c11fbeac1f083975bd7d39c0fc57ea886", "99b0dd96da557f011b163308815292e3537ebf2f0920a98ba16f4d5647fee064", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "9cd1fa457227cb36bac5b912155aabe909d76b337c82c0e16a62208594cd7f85", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "a14a8bdd98088d80f972073dffe16b31752f17ae182e620f9de37b7db12c3b3a", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "a3de588faa2cf2e2eed60c4227b01c0c7ef7ceaa9c2d94b7a3e3f611fb06bfee", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "a5902e5eb4b19d84a02a1f302e97929554783bec043dd2ea619f41d4eb01a38f", "a5fdc8efa823c472cf188d81cb458349c44f97204d8b05ca1738c7a279d43254", "a6423b5922cbc493f287da4ca0f34ad2af6b32ddafcca879eb21fe52c66fa757", "a81f4dd1b5239bedcc0e7c43b914c5e6af0eca3e1ed51dd17e1cd1c5177841b6", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "adbe07f79ff2a78941ea0a16f36cff3db2ac154e10036975e412280935df8693", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "b1cf2b6cd588b369f9f6a62583ff16c2e3b062d18bd8b8a5b8cbe821ffc5caf4", "b2477ee1fddf7937e10fca7660d2f70f17215086e522ae05ab75084fc59671ac", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "b777d29da8f491aeb66de5378b7db0d207ba09d57dc4ef48b66c91dd468408b0", "b7c816085f969d50208ed54505c9f31c4962f430350952bd782ff8b09ae77060", "b7ea4527e716041dee1f67d0f85fa252af3b7484b3eebe496d518bc24142da20", "b8c9ac459cfab08b388402d0071845f0f200ba19fd49ab7218780002d696b4c5", "b9ef0067d0b0e621d3924e129a2d48d1e6b21fd085d7990bda272ce81fbdeb66", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "be3c36bd645619d9029db5a9bba8e9c3ffc58d13e24b144aff87327a7520e312", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "c0371d890066773a8e5cf646f6454fedb7d905370a386c46fc71953fba94c99a", "c0ad347686d23de662dcd57a6a452240a096739b862beb98a7a0a66936993913", "c14a44e5cf59599165fc1b1e21752b08d0df03f4a0100360e47fe9c74642c9ac", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "c792a55dd3e2d6cb4721ff235e39eddb62322947d0cfe9646e18ecc4a6a52982", "c7d190d637c886b327d7228cc2e0496b998dc999a069c242b9dc7007311ae7ea", "c9d0ffc7138a9c712f2977e396bfd12ae1cd082f831070a5f165b8f89dc57376", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "cf59a2df6b66c2a687d4910e11a1d45c76d20b933d98b34f7602d4498062ea94", "d0bc9081ea85ee1d31efc4963ae8129494363fa0f13213beecc20fe665a8e40a", "d1575ef3a7cf7f36b462ad6a50e4b485b4f55c41d032e61da882e973f2581fdc", "d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "d215b5a9bb75304f3ab3298d4aa721671cf5246040762cd25c016da88d6759f1", "d393a1ce07c79aba6e431b0c06368403f897358ec8e57f37da5f559a851a9d20", "d403ed1c98b1b254dc0e536f139e27a595b6412439e61b16e847c948ace74003", "d4565b8977adb1fbb884b7f3b4e76816004d606089b3a285fc8ed57a97ec7fee", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "d4a35b058cd33a5e5d0aadb786e6fb2e870a2df5f7b567fdb33184c1665913bd", "d732959e974d8240dda0a0599c905a43ccdf87c31be0b80687f9cb7d184e8c8d", "dad7bc6f478383b17c6c418545634ca5503550ed2fb0cbed12042b9ac8ce907d", "db231a6e5a38ca6124b3236520ee3fec4e18c07ff74bcc6db240b9c03d056ded", "db6ed0c82acb40927754942d289e84e15f959f62e4b22eca086bc7c56f306c86", "dece70cd5742a1dbe2b357670f16c23580bfbf2057aae9e93a38608a3a4ea038", "dfcf382743c5566ca6c2096750d752f4d7ff8d346cbc007fafcc82841da41cc5", "e1e2d5a36e9186e53ea67d20ef8f97e5f1ea0aeb21a93c9187cb5cfeea87b2fd", "e60518b88ea4f11a393c2a95516c179093289e7ab1de8ad8ca1388ae24a1c083", "e694924e9fc526fb2a6ee9429900e2ce3edd2b2d44454117562d812ee744dbfa", "e6fdf1d9c6deeaa06cfd1b3090a048d1c78fe211dc0ceeb00add3446bd700892", "e7bc4b2ee0a6b16e928f5cf1328a6254442ab5a63a6c88762c7dba4e1181f616", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150", "ed278824bf422fa0098e3b2e994763723216ba351fcb95e343d270ef0c7bda1d", "ed39dc40cbc2dc6dda8fd47ec85b2212bf3ff6e43964d5e7d80e153e28193f18", "f0bcd2104824347efdb0030d4208f407b0dd2e270833c1bf704c9eb87f8a7b23", "f0ec8c7f5eaef29dba1f6c613362003bb8812869fce875f6ce062a42ab415824", "f163d7772efb649c40445e5d74a62b9ab0f38ce759d680994fbf6668d4d2b274", "f1afa76979c56b742193648d7242dcd075378a212e87236012c6ba6c45ca011f", "f2fcb2b856f75496ec02d44527e89fa2e5ba8a7b71d67cb391cfcba06992c261", "f4bbf727bf7577a705a82f9f32aef32bda01effb6f042a9c045bd31f5ef3f9f6", "f5a0ea5edab57588652d2bdd0eeb848e16ff6308ad5147249d2d7cc9e5bb4be3", "f73ce3eeea00801636ed86d967dd650961434cecefc4f5931534328dc028d13c", "f7f8edce45954a3026c927a8934365f42f5c09f8a1bf7f5a8f2599a33c531a38", "fa988e08b619c8f9dcf72b6bc8f4bcdf7fcc51c54798b53efbcb56b02ce0100e", "fe68e3eabd2eff6f129f5b24f2331a7507f0ac378df164e1ecb45da0060c5f3e", "ff27b4d608b093929842e80ad98be426b9208ec1df649bd5f791c08257c72335", "ff83313dee128ef691e5f61bef3f6ffe0c1ecdf296a61c2ea27b2f5a223b5411", "ff90fa56b55eef380e9ae8675144c549bc679ca895d4d086824a5713129ffbf0"], "iocs": {"domain": [{"hashes": ["02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150"], "host": "icanhazip[.]com"}], "file": [{"hashes": ["02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150"], "path": "%TEMP%\\murzuja.exe"}], "ip": [{"hashes": ["02627c827c7ed7cb06e0b8b8579f09d41309a34dedc21f6cbfda0c4ad111e633", "036c65acf57caf215ad7f2b61b514588aaf57b834116c9414ccf4be0153d8dd0", "0a6ffe8c5e7617aa0e44f415937d84008660f31af54d00322791dda2dba6a9be", "1063a4d37d9f88b22d74bd04c0c6f7935ba89a6d2dbed6cc74b32c4fb8416647", "11ab4795253d6c47f03139b8fbd20662798c4826b0499050497083452337918a", "1e69a3611389c0a022da61343c970fc223112e19770fce3eea6f5d6a7688da7a", "2171271cb6b501695f5d4ed386b756929e133b7d7ae4effb81d6297937dfd54e", "22df8ec37631f3914b9c533c50ba28ba603c04674300fedf032822830c110e16", "248de47e1f95e84826ddd16ba9d75976ac08b2f964925317b9029c3e4f88a9f0", "2a4a2c50d96b49fa61b1cccf3500db4a8e5a9b078bcf1a95a5f932c242fb1198", "2a92e428519d5243b702cfbbd3d15470d68cf70b51b46234fb48a6f9c311b367", "2c5fe5a61d53230430f719ed030a92a52b14d62822db8386db1deb8bb9dff3cc", "3b9fb79bb53fbf33e05070fd7f5ab0b449b88ddc84adbaf6e93ab6fe4dedc8b4", "407f06014c0ce01f854121fe54211f65d6588a3af2d75b876c3ca7568e21296f", "447b98e60ce1681f9d59aa861cd265101d8ea8d740a82a840440eb9eff440ba7", "4c6409dc00c4efa0c72008e20337b6249a96423d26b2f6c9058516f875a1c965", "636fbc3b160f7ecd1f94f206585e964b13b0ba913d46b209518aa1ef80688311", "7046ea3aef7f41dfb1947edb38fd05cbdc2366938e44e3996e3ce8c685bda22b", "761d7b56174cfff60df0a49ef517d3a713648aafa61fc3612d066a60c1ebb729", "7707ce98cf303d0b2205b06d1b96a1fa3e4b3928ddfae5e63b082c23c5b45cee", "814a53a2ca13dbb44a1dfb0eddf7bd03dd3214f332783b87981d335f5affbc07", "84ec063ece7aacb3552890b33e3c042f58cfdda8e7e48d6be4a790e0f071fb01", "8a7de51f32f4a6bb456d4178418fe685bd141ccda3a15b477eb9627bc4199287", "9b062ad6db67eada17dcab424e5976d8372df36d21fb21b59c6138342ddc42ba", "a17e99b39353a0da730e1516d9bd0fe44919840fb3a248f755899d60eaa2f686", "a24c4df5ec582e6ba25849089f757bfa1d04c596814973cfc6573be413f3078a", "a433b49bfd6dde250c9cf9de7346d2712506854837e64527918f30676d301bd6", "a4a74d4e3650764e615b96bde55173dd019d0dd5231ad9924529827b50822162", "ac3ce361ae842bac3231efab3585e89f42a9aa12d4aacf756d2ec741a8dae74a", "ac7fbf8ceebe53bd1e03f47eeec0cd0af73fbc5f6969a579463e9c2a91cc0680", "af4406d2d4478b8acd36ed8da2049b76dc5141ee2ceaccccf4f7eb6799f71a51", "be32921103fa0a4ab87b8994897719d3753402b9c24b9a8f33dd62c21a62ae23", "bfbd5d50e5f3853d924ca93a76585c8d3828cc09f001a41a5ee3e875ca23ec88", "c33f94d61504b3fb8d8c51f86bbb0d3332b1b4fcfdad13907264f0c0613af306", "d168341a6ab6b6c1f2611a542ad7fadd31a5be157823808f12e6e916cf9de68f", "d45dfa93f6e58949ab279fe72bd59dfa75ad5d0c04613a90b48bfefe7da9fc84"], "ip": "104[.]18[.]114[.]97"}, {"hashes": ["02909ed4e0457bf8342cc7f6b5a40da25879b344b1193fa2902a946f35b87edf", "04042ea6ec8b598fcb8ead8f8002f64568ead807aecb5801f44cc28a4ce034ff", "0a9d65e29aff36bfd2c98bf5c0a8ccf246da39e11c3fc5b1a67c693c735a9f8a", "0dbcd3c2f5e21d195f9061c8a8efdba3aa33ebe74dcff73cf5ecdca637b730f7", "0e6bdb6f60252434dd2b0136025d7c1f3ef12f078a2223f8a249635cd56adeb3", "0eb45a5851243f1f75a3c81ac14f13427dc57d9acf04557f0ef422cb105c4c96", "19ef0532a84339ab7cefb178631ea3715b27f9cfdf403428f584b5c609f9a21c", "1b462cc5e7c02e976468b4385af3aa0fc331b92c5d26866b4d0828b6917778d7", "206c7347eb7b833f93fbd9443946f58f5b186d12199d597b36ae3da0d59fd8d1", "22c28311a81fc7c7edf453514b2dacfa5740b770a1cb04ec2dcd5c3b142564b0", "29355acdbb6325357a7e102ef75271e9a4b76584480dbe2684dbb67776beffb6", "2aeba5724cde048b812473a94bfe63e6c781e498cf00c7b1c6202c6f3d717de7", "2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707", "3a81e9ac30b05430347f269220dd7f14616556ef99c1a95d1fc3a236de84ac65", "3b3a11141ba1b81a522b3b3b7f2dca5b055fe94929804753f076921a4a2f3bd9", "3fdfb9db2c5cd51ce55f5ca9de99b36be205722c55eeb4c2e5e9654e59b198aa", "4df78103152a7d74254c8838f7005ee48508e6d73964f34e11aa01ffeb167b2c", "70c1d841fb8fe92145100e6fb119d933d2eb6e3979d563f8fdef9b9311c7d10f", "7afed7b1717f094a1124353b90a3c31f723a9c8faf336b9f892b9d634d0ebbd5", "9b06509bc8465a74a1e2ccf8bedcc2219c527e5015605eaa17240191c5927895", "9cfc80d59fe86e6d7577f11e2abbc6a8f69715c875de614e90add8a542c2238b", "a0b3b276843adadf158a5b2701ce2b620a44b64afdec3064e6ddf11574f4628f", "a4c2829520fc326835c68517581b541ee26bb182dccc790d5738121faddf8757", "ae0e4fe7fe001d25ee8e54d776e9d79b04ee01bf7ebd2083485fa380bcf4adc7", "af3cca6cee45812265082501886c54cc5bf866b533016dca34833692a899a73e", "b18fdfa582c5ae0d295f74f3d4446600e477d7d19dad0346fb989187c6ca91f9", "b646ea628563cc6e3bfe98e9ce4f3a7ebc3f7e9f0f9280af8f75873371a3ebe5", "bad1ebf4152ecd9465c4116962c9f8fd2022306274a6343f9a2f050003ccf560", "ce8cede850a41a2e8912f8ea222490732d1f43567d773752f927f5458c1cdb06", "eba2ff80271ea7f81660da0873d97976e4c8a76d5cd9168242318d240d6af150"], "ip": "104[.]18[.]115[.]97"}, {"hashes": ["2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707"], "ip": "95[.]143[.]141[.]50"}, {"hashes": ["2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707"], "ip": "68[.]55[.]59[.]145"}, {"hashes": ["2bf2d78f43dddf5b894a588e9a60cead65485dd4fe1934132e56f85bb72df707"], "ip": "37[.]57[.]144[.]177"}], "mutex": [], "registry": []}, "reports_count": 67}, "Win.Dropper.Glupteba-10013467-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "pe-packed-upx", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "enumeration-browser-information", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "listening-port-opened", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "artifact-windows-task", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "registry-autorun-key-modified", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "windows-util-schtask", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "potential-registry-persistence", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0003"]}, {"bi": "cmd-exe-file-execution", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-vm", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "modified-file-in-system-dir", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-imports-empty", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "excessive-process-creates", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "pe-certificate", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-imports-toolhelp", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-dos-header-paragraphs", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-imports-exe", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-initialsp", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "feed-domain-ransomware", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-virtualbox", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "registry-service-type-modified", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "bcdedit-disable-recovery", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "pe-header-timestamp-null", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-relocations", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-subsystem", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "enumeration-bcdedit", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0007", "T1082"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0007", "T1518"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "windows-util-bcdedit", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "process-check-vmware", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "sc-service-security-descriptor-modified", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "sc-service-security-descriptor-deny", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "dns-query-txt", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "network-discord-domain-detected", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "dns-query-stun", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": ["TA0011", "T1095"]}, {"bi": "embedded-pe-resource2", "hashes": ["ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6"], "mitre_attack_tags": []}, {"bi": "file-pending-delete", "hashes": ["1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "deleted-executable-in-system-dir", "hashes": ["1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca"], "mitre_attack_tags": []}, {"bi": "localhost-ipaddress-detected", "hashes": ["eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "mitre_attack_tags": ["TA0007", "T1049"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Glupteba is a multi-purpose trojan that uses the infected machine to mine cryptocurrency and steal sensitive information like usernames and passwords, spreads over the network using exploits like EternalBlue, and leverages a rootkit component to remain hidden. Glupteba has also been observed using the Bitcoin blockchain to store configuration information.", "hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "iocs": {"domain": [{"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "host": "msdl[.]microsoft[.]com"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "host": "vsblobprodscussu5shard35[.]blob[.]core[.]windows[.]net"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "host": "vsblobprodscussu5shard60[.]blob[.]core[.]windows[.]net"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "host": "cdn[.]discordapp[.]com"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "host": "walkinglate[.]com"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310"], "host": "stun1[.]l[.]google[.]com"}, {"hashes": ["aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "host": "stun[.]sipgate[.]net"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]createupdate[.]org"}, {"hashes": ["18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6"], "host": "stun4[.]l[.]google[.]com"}, {"hashes": ["1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca"], "host": "stun3[.]l[.]google[.]com"}, {"hashes": ["18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]alldatadump[.]org"}, {"hashes": ["cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]localstats[.]org"}, {"hashes": ["18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6"], "host": "server10[.]alldatadump[.]org"}, {"hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9"], "host": "stun[.]l[.]google[.]com"}, {"hashes": ["eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "host": "stun[.]stunprotocol[.]org"}, {"hashes": ["ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202"], "host": "stun2[.]l[.]google[.]com"}, {"hashes": ["2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824"], "host": "stun[.]ipfire[.]org"}, {"hashes": ["2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]filesdumpplace[.]org"}, {"hashes": ["eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]allstatsin[.]ru"}, {"hashes": ["aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34"], "host": "server3[.]statscreate[.]org"}, {"hashes": ["aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]statscreate[.]org"}, {"hashes": ["ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]theupdatetime[.]org"}, {"hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9"], "host": "79102df1-5f9d-4ca9-bdf6-1fa1060285b4[.]uuid[.]myfastupdate[.]org"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a"], "host": "server3[.]createupdate[.]org"}, {"hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9"], "host": "server1[.]myfastupdate[.]org"}, {"hashes": ["eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "host": "server4[.]allstatsin[.]ru"}, {"hashes": ["ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202"], "host": "server3[.]theupdatetime[.]org"}, {"hashes": ["1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58"], "host": "server1[.]createupdate[.]org"}, {"hashes": ["2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824"], "host": "server2[.]createupdate[.]org"}, {"hashes": ["cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310"], "host": "server8[.]localstats[.]org"}, {"hashes": ["2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca"], "host": "server10[.]filesdumpplace[.]org"}, {"hashes": ["d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "host": "server15[.]localstats[.]org"}], "file": [{"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%SystemRoot%\\Logs\\CBS\\CBS.log"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%SystemRoot%\\rss"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\csrss"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\csrss\\dsefix.exe"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%SystemRoot%\\windefender.exe"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\Symbols"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02\\download.error"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\Symbols\\pingme.txt"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\Symbols\\winload_prod.pdb"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361\\download.error"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\ntkrnlmp.exe"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\osloader.exe"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\csrss\\injector"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\csrss\\injector\\NtQuerySystemInformationHook.dll"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\csrss\\injector\\injector.exe"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "path": "%TEMP%\\csrss\\tor"}, {"hashes": ["1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6"], "path": "%TEMP%\\csrss\\f801950a962ddba14caaa44bf084b55c.exe"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a"], "path": "%TEMP%\\csrss\\dcb505dc2b9d8aac05f4ca0727f5eadb.exe"}], "ip": [{"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "ip": "20[.]150[.]79[.]68"}, {"hashes": ["18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310"], "ip": "104[.]21[.]23[.]184"}, {"hashes": ["18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "ip": "20[.]150[.]38[.]228"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310"], "ip": "142[.]250[.]15[.]127"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "ip": "20[.]150[.]70[.]36"}, {"hashes": ["18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "ip": "162[.]159[.]134[.]233"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "ip": "172[.]67[.]212[.]188"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "ip": "185[.]82[.]216[.]104"}, {"hashes": ["1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34"], "ip": "162[.]159[.]130[.]233"}, {"hashes": ["aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "ip": "3[.]33[.]249[.]248"}, {"hashes": ["18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202"], "ip": "185[.]82[.]216[.]108"}, {"hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a"], "ip": "185[.]82[.]216[.]111"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310"], "ip": "162[.]159[.]133[.]233"}, {"hashes": ["ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "ip": "162[.]159[.]129[.]233"}, {"hashes": ["18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6"], "ip": "74[.]125[.]128[.]127"}, {"hashes": ["1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca"], "ip": "172[.]253[.]120[.]127"}, {"hashes": ["2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34"], "ip": "185[.]82[.]216[.]96"}, {"hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9"], "ip": "162[.]159[.]135[.]233"}, {"hashes": ["2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824"], "ip": "81[.]3[.]27[.]44"}, {"hashes": ["5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9"], "ip": "142[.]250[.]112[.]127"}, {"hashes": ["ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202"], "ip": "142[.]250[.]144[.]127"}], "mutex": [{"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "name": "Global\\SetupLog"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "name": "Global\\WdsSetupLogInit"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "name": "WininetConnectionMutex"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "name": "Global\\qtxp9g8w"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9"], "name": "Global\\xmrigMUTEX31337"}], "registry": [{"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "DisplayName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "WOW64"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXWDDM", "value_name": "ObjectName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "Type"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "Start"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ErrorControl"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ImagePath"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "DisplayName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "WOW64"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSF", "value_name": "ObjectName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "Type"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "Start"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ErrorControl"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ImagePath"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "DisplayName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "WOW64"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXMOUSE", "value_name": "ObjectName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "Type"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "Start"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ErrorControl"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ImagePath"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "DisplayName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "WOW64"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXGUEST", "value_name": "ObjectName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "Type"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "Start"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ErrorControl"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ImagePath"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "DisplayName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "WOW64"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXSERVICE", "value_name": "ObjectName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "Type"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "Start"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ErrorControl"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ImagePath"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "DisplayName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "WOW64"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\VBOXVIDEO", "value_name": "ObjectName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "csrss"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INSTALLKEY", "value_name": null}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": null}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "DisplayName"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "Publisher"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL\\UNINSTALLER", "value_name": "UninstallString"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFENDER", "value_name": "ErrorControl"}, {"hashes": ["053421a64d181eacb1e3c1bb16e87107462a32c11c91c7f77059adf82198dd4a", "18e21947b1c4b6a364e6844183a2e1146a7aff868f7659de8ff4e2094c138aae", "1ff3ea05dc55c0f1bcf63d5ed247c30db85ead74eb543e7fa42d612f5a877a58", "2b6fe7559d8372ace429d8e8e96ff196d0af56593a31b33d8b6967f3e92de824", "2c3498ae141cab2a551e48070676e127882cd72d56ac29b742a968042aa380ca", "39322869eed23d913a8e2ab6fbd902e9bc1d1a2a5d2c537b9ecabe10172723c6", "5bc8c1bfbf0506a24f4561666117a459f91404b859b61112a0a709404f2cb3d9", "aa7c8cd6668998b0a41960ae3a65c30fec966c81c9ec49a3e8f6b85e1faeda34", "ccfe83f9d4edf14bc10432f13b7d536893f967d9aba631c4a58c2333d78eb202", "cfb46da0a07f529ccf93fa018e57a878ea1a8192587757d4e4d1789225787310", "d29b1f159ddc23aa0ce5bd9603bce5707516d026da67cba7997a15ad06dd291a", "eef3627e8e0145aa519300d639898f7478ae1f0151eb1b5b788c834ffc6f786b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "UUID"}]}, "reports_count": 12}, "Win.Dropper.Tofsee-10013531-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "80015dfd0fb4f0867daa13132c1ac922cc94c850853b874bae77e42c5248a7ee", "1c1062e65701fdea8fa0eca0884f974b8c9e6cfe70391dfc33fcbf5594b1ebf8", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "1599d9770df3e105a97d69cc47a49732db055e9e7a2dc5e7c777b8b33d3a7e35", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "80015dfd0fb4f0867daa13132c1ac922cc94c850853b874bae77e42c5248a7ee", "1c1062e65701fdea8fa0eca0884f974b8c9e6cfe70391dfc33fcbf5594b1ebf8", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "1599d9770df3e105a97d69cc47a49732db055e9e7a2dc5e7c777b8b33d3a7e35", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "80015dfd0fb4f0867daa13132c1ac922cc94c850853b874bae77e42c5248a7ee", "1c1062e65701fdea8fa0eca0884f974b8c9e6cfe70391dfc33fcbf5594b1ebf8", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "1599d9770df3e105a97d69cc47a49732db055e9e7a2dc5e7c777b8b33d3a7e35", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "memory-execute-readwrite", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "80015dfd0fb4f0867daa13132c1ac922cc94c850853b874bae77e42c5248a7ee", "1c1062e65701fdea8fa0eca0884f974b8c9e6cfe70391dfc33fcbf5594b1ebf8", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-file-in-user-dir", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "80015dfd0fb4f0867daa13132c1ac922cc94c850853b874bae77e42c5248a7ee", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "1599d9770df3e105a97d69cc47a49732db055e9e7a2dc5e7c777b8b33d3a7e35", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1574"]}, {"bi": "currentcontrolset-service-added", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1547"]}, {"bi": "process-long-cmdline", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "dns-query-nxdomain", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "network-dns-category-phishing", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "network-dns-category-file-storage", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "sc-service-start", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "netbios-null-domain", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "sc-service-create", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0003", "TA0004", "T1543"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "sc-service-create-execute", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1569", "T1543"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-smtp-spambot", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "deleted-submitted-file", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005"]}, {"bi": "listening-port-opened", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-generic", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0011", "TA0005", "T1105", "T1112"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0005", "TA0007", "T1497"]}, {"bi": "nginx-webserver-detected", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "suspicious-user-agent", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-file-uploaded", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-communications-http-post", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "mitre_attack_tags": ["TA0010", "T1048"]}, {"bi": "network-snort-server", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770"], "mitre_attack_tags": []}, {"bi": "double-url-detected", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "network-http-non-standard-port", "hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1"], "mitre_attack_tags": ["TA0011", "T1571"]}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-smtp-spambot-v2", "hashes": ["f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "mitre_attack_tags": []}, {"bi": "eml-mismatched-name-from-header", "hashes": ["f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "url-not-found", "hashes": ["2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["80015dfd0fb4f0867daa13132c1ac922cc94c850853b874bae77e42c5248a7ee"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["80015dfd0fb4f0867daa13132c1ac922cc94c850853b874bae77e42c5248a7ee"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["80015dfd0fb4f0867daa13132c1ac922cc94c850853b874bae77e42c5248a7ee"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-dns-safe-categories", "hashes": ["ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "mitre_attack_tags": []}, {"bi": "http-response-server-error", "hashes": ["2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "network-dns-upload-file", "hashes": ["2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages to infect additional systems and increase the size of the botnet under the operator's control.", "hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "1599d9770df3e105a97d69cc47a49732db055e9e7a2dc5e7c777b8b33d3a7e35", "1c1062e65701fdea8fa0eca0884f974b8c9e6cfe70391dfc33fcbf5594b1ebf8", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "80015dfd0fb4f0867daa13132c1ac922cc94c850853b874bae77e42c5248a7ee", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "iocs": {"domain": [{"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "249[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "www[.]google[.]com"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "vanaheim[.]cn"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "249[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "249[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "249[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "249[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "249[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "i[.]instagram[.]com"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "microsoft[.]com"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "www[.]instagram[.]com"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "www[.]evernote[.]com"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "steamcommunity[.]com"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "www[.]tiktok[.]com"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "t[.]me"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "api[.]steampowered[.]com"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "www[.]youtube[.]com"}, {"hashes": ["3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b"], "host": "oauth[.]vk[.]com"}, {"hashes": ["cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "identity[.]bitwarden[.]com"}, {"hashes": ["2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "www[.]ebay[.]co[.]uk"}, {"hashes": ["70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16"], "host": "api[.]vk[.]com"}, {"hashes": ["cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "ustawienia[.]poczta[.]onet[.]pl"}, {"hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1"], "host": "work[.]a-poster[.]info"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "host": "api[.]twitter[.]com"}, {"hashes": ["70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "host": "static[.]cdninstagram[.]com"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "host": "in-jsproxy[.]globh[.]com"}, {"hashes": ["70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16"], "host": "smtp-legacy[.]office365[.]com"}, {"hashes": ["42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770"], "host": "rr5---sn-vgqsrns6[.]googlevideo[.]com"}, {"hashes": ["42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770"], "host": "rr4---sn-ab5l6nrs[.]googlevideo[.]com"}, {"hashes": ["d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f"], "host": "account[.]metafi[.]codefi[.]network"}, {"hashes": ["42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770"], "host": "rr4---sn-vgqsrns6[.]googlevideo[.]com"}, {"hashes": ["f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16"], "host": "setup[.]icloud[.]com"}, {"hashes": ["d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f"], "host": "ethbook[.]guarda[.]co"}, {"hashes": ["d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f"], "host": "guarda[.]com"}, {"hashes": ["2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c"], "host": "carangasveiculos[.]com[.]br"}, {"hashes": ["2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96"], "host": "baglantiekipmanlari[.]com"}, {"hashes": ["2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c"], "host": "growfurtherllc[.]com"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "host": "dev[.]icarbuyer[.]com"}, {"hashes": ["2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96"], "host": "chehsan[.]co"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25"], "host": "saboordeveloper[.]com"}, {"hashes": ["f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "compuser[.]shop"}, {"hashes": ["2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96"], "host": "farmacialasalut[.]net"}, {"hashes": ["518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773"], "host": "sw4camionetas[.]com[.]br"}, {"hashes": ["f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "host": "kimcartoon[.]li"}, {"hashes": ["518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773"], "host": "lifefirstrescuemission[.]com"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "host": "[240e"}, {"hashes": ["70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "host": "news[.]allinonemate[.]com"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "host": "[2408"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "host": "[2a01"}], "file": [{"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-z]{8}'>"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "path": "%TEMP%\\<random, matching '[a-z]{8}'>.exe"}, {"hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b"], "path": "%ProgramData%\\Microsoft\\Assistance\\Client\\1.0\\en-US\\Help_MValidator.Lck"}, {"hashes": ["2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c"], "path": "%TEMP%\\qzfqodv.exe"}, {"hashes": ["2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96"], "path": "%TEMP%\\foufdsk.exe"}], "ip": [{"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "176[.]113[.]115[.]136"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "80[.]66[.]75[.]4"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "176[.]113[.]115[.]135"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "45[.]143[.]201[.]238"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "176[.]113[.]115[.]84"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "62[.]122[.]184[.]92"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "80[.]66[.]75[.]77"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "83[.]97[.]73[.]44"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "31[.]13[.]65[.]174"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "31[.]13[.]65[.]52"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16"], "ip": "172[.]217[.]165[.]132"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "93[.]115[.]25[.]49"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "34[.]120[.]241[.]214"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "93[.]115[.]25[.]10"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "ip": "93[.]115[.]25[.]73"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "93[.]115[.]25[.]13"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "93[.]115[.]25[.]110"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "ip": "158[.]160[.]73[.]47"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "ip": "149[.]154[.]167[.]99"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "172[.]217[.]21[.]164"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "ip": "23[.]0[.]18[.]123"}, {"hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "84[.]201[.]152[.]220"}, {"hashes": ["2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "ip": "104[.]47[.]53[.]36"}, {"hashes": ["2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f"], "ip": "20[.]70[.]246[.]20"}, {"hashes": ["3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b"], "ip": "87[.]240[.]129[.]135"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770"], "ip": "20[.]236[.]44[.]162"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "ip": "20[.]231[.]239[.]246"}, {"hashes": ["cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "ip": "99[.]83[.]253[.]192"}, {"hashes": ["2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b"], "ip": "52[.]101[.]11[.]0"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1"], "ip": "37[.]1[.]217[.]172"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "ip": "104[.]244[.]42[.]194"}, {"hashes": ["cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "142[.]250[.]72[.]99"}, {"hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "142[.]250[.]65[.]206"}, {"hashes": ["70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "157[.]240[.]241[.]63"}, {"hashes": ["42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b"], "ip": "142[.]251[.]40[.]174"}, {"hashes": ["2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b"], "ip": "142[.]251[.]40[.]100"}, {"hashes": ["518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "ip": "23[.]15[.]9[.]26"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "ip": "20[.]44[.]209[.]209"}, {"hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1"], "ip": "20[.]76[.]201[.]171"}, {"hashes": ["2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770"], "ip": "23[.]62[.]169[.]228"}, {"hashes": ["70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16"], "ip": "52[.]101[.]42[.]0"}, {"hashes": ["2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773"], "ip": "162[.]214[.]206[.]251"}, {"hashes": ["f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "ip": "104[.]18[.]40[.]204"}, {"hashes": ["cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "ip": "172[.]64[.]147[.]52"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773"], "ip": "23[.]15[.]9[.]50/31"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "ip": "142[.]250[.]181[.]227"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "ip": "64[.]233[.]184[.]188"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "ip": "59[.]82[.]44[.]11"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "ip": "59[.]82[.]29[.]232"}], "mutex": [], "registry": [{"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "key": "<HKU>\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88", "2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96", "2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c", "3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961", "42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770", "70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c", "98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b", "cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1", "d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f", "f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16", "f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13", "ffb9de19ee6cc9a60877abaac8fb9aa14922438b47603084a2470330644de239"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["03408910e1c86cc056f6135cb25bfdce0a3530c3dedd2d96dc6a40602f837c25", "518e73ce19f80568856c6fdc5256a36bce0e0a3d90c10fad0785a49126ac3773"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\blniewvr"}, {"hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\ASSISTANCE\\CLIENT\\1.0\\SETTINGS", "value_name": "IsConnected"}, {"hashes": ["2c4bb17a2e6d629b65c33e0c0c59ecf4dd36e5b8d51cb3c46ce9310f7c81138c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\isupldcy"}, {"hashes": ["cc0cdaa2852647954c8cabd65e9643ce8ad5efd7b375aa8ebae117b6239aada1"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\oyavrjie"}, {"hashes": ["f73955aea9b55ae0a5088f688ab408a394c2a6cfb88d4a8ae55370ff4356fd16"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\vfhcyqpl"}, {"hashes": ["d6ac332db3811db38ec9a3901df479e6e76a12f7cc2485d52ad6d3395f65006f"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\mwytphgc"}, {"hashes": ["70b11bca91cb73e563a87fd4a09fa1c8618c650cfb19d1ac7933c39b35cd8a0c"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\eoqlhzyu"}, {"hashes": ["201287642e01dd6fcc785929ac1dd66a9b9961f95128267d220993af7f3d4c88"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\gqsnjbaw"}, {"hashes": ["f909a687d10996b76a0b847d7fbd686231b4f60c3c134e1bdb4144555fd67a13"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\zjlgcutp"}, {"hashes": ["98c2ff26ab1bc639c2f1600d6127245b719dbfe619c784a9458b826d5aeeda4b"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\dnpkgyxt"}, {"hashes": ["42ba3cb49ff67fd0526e68328c20c1387f8c671ccb5f0a2eb832c50d9c950770"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\lvxsogfb"}, {"hashes": ["3d0d45b889aa467906cb79f015ea61d6b80f19b4d454affabe12bfe4bed95961"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\akmhdvuq"}, {"hashes": ["2955d095548626a3a61cf4358d7d6de5f3233d14592f94e0616a74b3169dab96"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\uegbxpok"}]}, "reports_count": 17}, "Win.Dropper.Zeus-10013588-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": ["TA0005"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "pe-invalid-checksum", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "process-hollowing-detected", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-autorun-key-modified", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "pe-filename-mismatch", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "sample-modified-deleted", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6"], "mitre_attack_tags": ["TA0005"]}, {"bi": "files-deleted-used-batch", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "feed-domain-banking", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "windows-firewall-halted", "hashes": ["83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "net-service-stop", "hashes": ["83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6"], "mitre_attack_tags": ["TA0002", "T1569"]}, {"bi": "modified-file-in-system-dir", "hashes": ["aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "crash-dump-file-created", "hashes": ["097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-registry-detected", "hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4"], "mitre_attack_tags": []}, {"bi": "malware-darkcomet-mutex-detected", "hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4"], "mitre_attack_tags": []}, {"bi": "enumeration-email-program-information", "hashes": ["c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1087", "T1005", "T1119", "T1114", "T1552"]}, {"bi": "malware-ufr-mutex-detected", "hashes": ["5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "mitre_attack_tags": []}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "eml-same-sender-recipient", "hashes": ["c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "outlook-express-com-server", "hashes": ["c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": ["TA0009", "TA0003", "TA0004", "T1114", "T1546"]}, {"bi": "eml-link", "hashes": ["c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "eml-mismatched-name-to-header", "hashes": ["c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": ["TA0001", "T1566"]}, {"bi": "email-same-sender-receiver-domain", "hashes": ["c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-deletion", "hashes": ["5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": ["TA0005"]}, {"bi": "files-created-batch", "hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4"], "mitre_attack_tags": []}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "feed-domain-rat", "hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd"], "mitre_attack_tags": []}, {"bi": "created-executable-sample-appdata", "hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "network-snort-app-detect", "hashes": ["5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b"], "mitre_attack_tags": []}, {"bi": "network-communications-ftp", "hashes": ["5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "network-ftp-no-artifact", "hashes": ["5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "malware-zeus-variant-detected", "hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-protocol", "hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-asprotect", "hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "html-small-file-redirect", "hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89"], "mitre_attack_tags": ["TA0003"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1539", "T1555"]}, {"bi": "malware-generic-infostealer", "hashes": ["f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-chat-program-information", "hashes": ["f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552"]}, {"bi": "enumeration-vpn-program-information", "hashes": ["f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "mitre_attack_tags": ["TA0007", "TA0009", "TA0006", "T1083", "T1005", "T1119", "T1552", "T1555"]}, {"bi": "registry-autorun-key-system-dir", "hashes": ["b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Ponystealer is known to steal credentials from more than 100 different applications and may also install other malware such as a remote access tool (RAT).", "hashes": ["097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21", "1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b", "956275197ed36332417fe84b947e5d7ac894fb67fa262dc765444c952a13b5bc", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "d31026b1a833d238b3cf37d7297f7dc3cc33d045ed9044ee21b7e417882e4d03", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "iocs": {"domain": [{"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "host": "www[.]bing[.]com"}, {"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "host": "cacerts[.]digicert[.]com"}, {"hashes": ["aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89", "b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "host": "c0p1[.]com"}, {"hashes": ["79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140"], "host": "salarsokoot[.]no-ip[.]biz"}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "host": "www[.]unitedstateforus[.]com"}, {"hashes": ["f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "host": "tf2m[.]ru"}, {"hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "host": "pin47[.]blogspot[.]ru"}, {"hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "host": "ftp[.]ytruhgnhvjukuffkk[.]p[.]ht"}, {"hashes": ["c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "host": "gbproof[.]org"}, {"hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd"], "host": "spitfire[.]ufcfan[.]org"}, {"hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06"], "host": "maldovaars[.]com"}], "file": [{"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "path": "%APPDATA%\\<random, matching '[a-z0-9]{3,7}'>"}, {"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "path": "%TEMP%\\tmp<random, matching '[0-9a-z]{8}'>.bat"}, {"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "path": "%APPDATA%\\<random, matching '[A-Z][a-z]{3,5}\\[a-z]{4,6}'>.exe"}, {"hashes": ["79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140"], "path": "%SystemRoot%\\SysWOW64\\Drivers\\task.exe"}, {"hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd"], "path": "%APPDATA%\\InstallDir"}, {"hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd"], "path": "%APPDATA%\\InstallDir\\help.exe"}, {"hashes": ["b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "path": "%System32%\\windi32.exe"}, {"hashes": ["aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89"], "path": "%ProgramData%\\systemskey.ini"}, {"hashes": ["a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c"], "path": "%APPDATA%\\Utus\\uvuw.oxi"}, {"hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "path": "%TEMP%\\cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575.exe"}, {"hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "path": "%TEMP%\\YaCheck.exe"}, {"hashes": ["c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "path": "%APPDATA%\\Weyf\\eqsyl.vot"}, {"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6"], "path": "%APPDATA%\\Ivlov\\qinee.asy"}, {"hashes": ["5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b"], "path": "%TEMP%\\5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b.exe"}, {"hashes": ["f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "path": "%TEMP%\\report_05-11-2023_18-26-11-11B0A35710D760E40567A55CF3411F9E-NLGD.bin"}, {"hashes": ["f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "path": "%TEMP%\\NO_PWDS_report_05-11-2023_18-26-11-11B0A35710D760E40567A55CF3411F9E-NLGD.bin"}, {"hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06"], "path": "%APPDATA%\\Hyraix\\viaqf.alh"}, {"hashes": ["527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd"], "path": "%APPDATA%\\Onuvy\\talyk.cea"}, {"hashes": ["c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "path": "%APPDATA%\\Ypep\\huni.ryo"}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "path": "%APPDATA%\\Ziyblo\\usoxh.ili"}, {"hashes": ["aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89"], "path": "%SystemRoot%\\serwos.exe"}], "ip": [{"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "ip": "192[.]229[.]211[.]108"}, {"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575"], "ip": "142[.]250[.]64[.]65"}, {"hashes": ["5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b"], "ip": "31[.]170[.]164[.]170"}], "mutex": [{"hashes": ["1d5efb1de624668fa8dbc3bde4e29f3a1c57491afa34ed7006c01821fc9324d1", "28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "2cb399731194831e8aef70fa92249eae3ac2c53d78df8601e48d824315d0f507", "4c91493d94e0dfb3e814f465e0cb050177168a6dbb916572d994f09b3c116c7c", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "55cc7012c73a0f31823c4bd740affc2eb1efdeecdfc7c7a569d5d666d6dc48d5", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "7fc8139b2e5cace8c217c164f62097748cf1125fdba8de1b41e1858f540bf6c9", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "bb8bbeb6a2496926919a70a4dd3817a20e8f0137afb3f13f3fc010b8681eed43", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "e00b5a8e3b1730e94a597503f6ad560d6aac5979f07e65f93a893cfb68a15fb6", "e630ac67761c1de0cec1b4f684dc8f85f7517c51bf6ec970829f03e1aa50e050", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "name": "UACMutexxxxx"}, {"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "name": "Local\\{<random GUID>}"}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "name": "GLOBAL\\{<random GUID>}"}, {"hashes": ["5d673897a553689e7b4ca6d3be149211f1027f9c82891af1ce65ea1c9639119b", "cd8e8b5b178c2d9e5acbdeda4854746eb2709cba2fbb2e986ae1dc25f6c0d575", "f1fa9cc738ba1752968bc28fd7c9a89099f7bf2e7aab3309aa97520ac6dd561a"], "name": "UFR3"}, {"hashes": ["79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140"], "name": "DC_MUTEX-TKAU2Y6"}, {"hashes": ["4f3823d6c5cc2500edbfe0909c60667b126e0439e77c8b1d5c4c40d459b96387"], "name": "Global\\19e8f421-7c3b-11ee-9660-001517aeb5c3"}, {"hashes": ["5eba33c82756f682fab6f35ee6d16e3675d5cd611fbf1dc46996fd24fa7f5ea2"], "name": "Global\\1d29d6e1-7c3b-11ee-9660-0015174de944"}, {"hashes": ["947d964061c1cb1ecf83cd9af68acd729ba992c807c6f2defbe0c595562c690b"], "name": "Global\\1ba38501-7c3b-11ee-9660-001517b129f4"}, {"hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd"], "name": "DC_MUTEX-V8SHNMZ"}, {"hashes": ["097f1d24084ad3668f6f92daa4fc05da8540623492c158ea41ee7ec86399bd21"], "name": "Global\\31c933c1-7c8b-11ee-9660-0015171a3bbd"}], "registry": [{"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES\\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}", "value_name": "FaviconPath"}, {"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES\\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}", "value_name": "Deleted"}, {"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\SEARCHSCOPES", "value_name": "DefaultScope"}, {"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "83053718f2278338d9b3c934c5645f94f5625d66a56d28e11424cd2f9e46004f", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXT\\STATS\\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}", "value_name": null}, {"hashes": ["28ec85247bb5cfc649e866fd234cfa219ec1fc580dee22bb14889a7654361eb6", "4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "527fad1b322cf36c0b367766e560f8bb18181c172d824884d1a2ebf40f6a35bd", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "a4ab9fb82f2c093ea3466b57609da2503e28c245ea0554a2a228ab41dde68a5c", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "key": "<HKCU>\\Software\\Microsoft\\<random, matching '[A-Z][a-z]{3,11}'>", "value_name": null}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\PRIVACY", "value_name": "CleanCookies"}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80", "c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd", "79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140"], "key": "<HKCU>\\SOFTWARE\\DC3_FEXEC", "value_name": null}, {"hashes": ["79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Taskmgr"}, {"hashes": ["79b3c719494efd43623afeadf817746d663819c88f2b6f67e92fb48c5092eba4", "b6748ee9af728376aea6171e27fa0281421b9404e6ba150ff99fc726241db140"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "UserInit"}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c", "c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{1A01E4EA-2D84-D670-B0DB-AEA399D273CB}"}, {"hashes": ["b9a641ff22644aa474e91b92b6e1c71b91d057b1315d291f2f22b9713dd5608a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "LANDrivers"}, {"hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "help"}, {"hashes": ["4f23fa7f21f6b529f2581cee723ac0f4ceaefac922868063e0c4d533ac475ddd"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "help"}, {"hashes": ["c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\KEWUZA", "value_name": "Kuombao"}, {"hashes": ["c2560bc32b415ad78cddee6794738b8484575932ea3237acd61a2d1e4389c412"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{8E249526-629F-428A-AE89-37BA344B74E9}"}, {"hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\PAHUIH", "value_name": "Ozzunaso"}, {"hashes": ["83a048271aefcc6707c1d994f55d78a85d3d05c734185b93381ed20888043c06"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "{ACEB48EA-5F14-3060-00C6-58E8C8BD1132}"}, {"hashes": ["aa546035f13f04ca14585c866f35b54e38a631064cee8d8012d3a477b2c33d89"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Shell"}, {"hashes": ["c0f4f1ac3a0ceb4d6623f88a54ee15e6e73bcecb02e0c4230d4acd9f00746e80"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\DACOU", "value_name": "Raohfyiqu"}, {"hashes": ["4d565325e1c7e54210f3178909fc05d45984b4bc623d9fe3804497f713604e9c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\MAQU", "value_name": "Izalfe"}]}, "reports_count": 30}, "Win.Dropper.njRAT-10013547-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-private-ip-address", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0007", "T1016"]}, {"bi": "malware-known-trojan-av", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-disablesuac", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0005", "TA0004", "T1548", "T1562"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-toolhelp", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "netsh-firewall-generic", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0007", "TA0005", "T1016", "T1562"]}, {"bi": "netsh-firewall-add", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "malware-trojan-njrat-detected", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0005", "T1112", "T1562"]}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": []}, {"bi": "firewall-exception-user-dir", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "pe-uses-autoit", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-trojan-njrat-registry", "hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "mitre_attack_tags": ["TA0005", "T1112"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. Some of the largest attacks using this malware date back to 2014.", "hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "iocs": {"domain": [], "file": [{"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "path": "%TEMP%\\server.exe"}, {"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "path": "%TEMP%\\<random, matching [A-F0-9]{3,4}>"}, {"hashes": ["1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92"], "path": "%TEMP%\\2922\\2922.exe"}, {"hashes": ["c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe"], "path": "%TEMP%\\6781\\6781.exe"}, {"hashes": ["7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52"], "path": "%TEMP%\\4928\\4928.exe"}, {"hashes": ["113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985"], "path": "%TEMP%\\2924\\2924.exe"}, {"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91"], "path": "%TEMP%\\6119\\6119.exe"}, {"hashes": ["48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82"], "path": "%TEMP%\\2989\\2989.exe"}, {"hashes": ["d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "path": "%TEMP%\\2369\\2369.exe"}, {"hashes": ["1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7"], "path": "%TEMP%\\2894\\2894.exe"}, {"hashes": ["0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4"], "path": "%TEMP%\\4627\\4627.exe"}, {"hashes": ["58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790"], "path": "%TEMP%\\960\\960.exe"}, {"hashes": ["4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c"], "path": "%TEMP%\\7015\\7015.exe"}, {"hashes": ["6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989"], "path": "%TEMP%\\6329\\6329.exe"}], "ip": [], "mutex": [{"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "name": "7657c14284185fbd3fb108b43c7467ba"}], "registry": [{"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKU>\\S-1-5-21-2580483871-590521980-3826313501-500", "value_name": "di"}, {"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKCU>\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "ConsentPromptBehaviorAdmin"}, {"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKCU>\\SOFTWARE\\7657C14284185FBD3FB108B43C7467BA", "value_name": null}, {"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7657c14284185fbd3fb108b43c7467ba"}, {"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "7657c14284185fbd3fb108b43c7467ba"}, {"hashes": ["00ac33ba819475ab380691c51b37ef3f0aae4789dea3ee19a941dc2875350a91", "0dcd6cf9cca20830f39bf99fc803ce4036f60a8c9599cbf8d690d63b15edd7c4", "1047e229661a188dd1b094366c558834435208bb909b2ad14bb221eb1c2c81b7", "113f0a0e7072f324ad84c649d08970ee7e68e334061a099f0c1b6d9413951985", "1987b7a30ffdcca9651037e997520d4326271232f8ac40e470c5697ae1a74d92", "48144f08dfb3de926ad22f24b600bea45c1138fd7d4581b32aa25662439c6d82", "4ffc3afac19e6da3d800391745ce2ff9eedc1d8b19de0cf5ab95cd432a55829c", "58fe188a03e36361c73216b1fca0c3f471e1b5b582af50d4755f681fad664790", "6a81e146ef0ebf60390eefd50f8ba98b1bb003bbb14ed0d358be18a5810db989", "7e7e12bca94dedba69a99691400bd54adcedb12ccb39a98c663e553c882d3f52", "c9d1a2d3921d5aa33d493069c33a8a852df063f0e4b9313b05fc1c7a1eec4fbe", "d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKCU>\\SOFTWARE\\7657C14284185FBD3FB108B43C7467BA", "value_name": "[kl]"}, {"hashes": ["d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\SHELL", "value_name": "NodeSlots"}, {"hashes": ["d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\SHELL", "value_name": "MRUListEx"}, {"hashes": ["d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\SHELL\\\\1", "value_name": "MRUListEx"}, {"hashes": ["d5f6dadb21774b0ddcef4a8ee027e6c953701a3a2b3744eed53664da88a4f1f0"], "key": "<HKCR>\\LOCAL SETTINGS\\SOFTWARE\\MICROSOFT\\WINDOWS\\SHELL\\\\1\\0", "value_name": "MRUListEx"}]}, "reports_count": 12}, "Win.Malware.Diztakun-10013372-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055"]}, {"bi": "modified-executable", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "hook-installed", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0009", "TA0006", "T1056"]}, {"bi": "registry-autorun-key-modified", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "modified-file-in-system-dir", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0005", "TA0007"]}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0005", "TA0040", "TA0003", "TA0004", "T1112", "T1574", "T1489"]}, {"bi": "registry-winlogon-key-modified-nt", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "files-created-batch", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "task-manager-disabled", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0040", "T1499"]}, {"bi": "file-ini-modified", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0003"]}, {"bi": "windows-ini-file-modified", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0005", "T1564"]}, {"bi": "registry-winlogon-key-value-modified-to-userinit", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1547"]}, {"bi": "system-startup-file-modification", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-cmd-disabled", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0040", "T1490"]}, {"bi": "aedebug-settings-modified", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-disable-windows-installer", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "ie-popup-blocker-disabled", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0005", "T1562"]}, {"bi": "registry-ie-lock-toolbar", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0009"]}, {"bi": "registry-autorun-shelldelayload", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-bootexecute-value-modified", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "autoexec-bat-modified", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-shellexecutehooks", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}, {"bi": "registry-autorun-sharedtaskscheduler", "hashes": ["13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393"], "mitre_attack_tags": ["TA0003", "TA0004", "T1547"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Diztakun is a trojan dropped by another malware family or downloaded by a user that will modify system settings. This malware is known for its use of Image File Execution Options (IFEO) to gain persistence and inject itself into other executables.", "hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170", "18417f5b5010e9e3910655e4c3aca73e0ae39c69d987cb45f73e9e6d1387c03c", "18648cc3044f1039ed223acc9bed50a09fd6fb4a4e51ef1329c66e2aef42e87a", "1978557cd9206d349c3bfec6d63e71390724f70483c3807046d60ff66ae1a1d4", "1c2c96651659552747b740ae0bb3367205acf0b9d839b28c9cfabd8b36fabf96", "1cdc4d09506b4998b5e7d152e546283b90f058de688c22497f145112636edced", "1d49d1d2fbb9776c3469e3f9c00622a1b4cdffd3851ef7e073161200cce6c3aa", "1d9036d62e5230f43ec57e6248d82b0b87fc52a905550bc4da8ded3ccb6586a7", "1e070d99969739bf5cc9f165fd715c4d27bc49b9c65ab65bd0e2147ae0107e52", "1efa9ab89632a623ce4c9d4c2cad5a3b188a8120495ce9e79e9988123883f951", "201bc9eec239b5b4ad2b596ae5d90b12b5ce0a5fccd4f1a48dce2834f126fe51", "212b9c9bc0fb6d6c8eb03a1cc0f81ef0a6870e091834979c8c688fb749c99c29", "217986fb3a37191d81c08d215b7f990d74754f9943650a345f1cbb994894b347", "2188b7ce27ff8cca8f5ec2f46da1f8e938b63ae3a3682c78a6bb6fcd7a514074", "218aa5a8403812eeb963c5a8fce075ca1a5fa86cde86737363dca13b70034001", "2201b28757cae002f4f95b16999734b0ebe7262e5f66d576d4ef6b1624e59ffd", "220ad177dc240acc45d7246873fcfd39bc81800ef3641e7f8ad1c8aa95d0d920", "220f0dc96bcbc6f62c74a965e865d065a57ed1d8c8ad4f82ed90adc1f333ea60", "23245866ce371e3289606ad971dffd9ee3497a436b93c13f1e797fce8aa10fff", "235b105a5c49deb924ffbb4b89d5d2988d5e9c1e940642d3c0ddc5a4cfcdd646", "23a7136d0a0b7498537dabf4980b9941730ec7e9083ec70d1bbc8f6afd9fc8bf", "24da187b52f0723e25789b8d4ecc154e8411915388433f5b5891e336e395c044", "24ea910df0c6a8025b92b413671764cffe00d944b78b6f48ab33805236bcade7", "25bacd069dfc21316b47314f1223c7b5cbb6528f3579ea392dae25a90d5fa51c", "25e051af8ce0e911c1a5d1635725a2276e6e77e159f6b8463c433631568c3f7e", "26976ff7aa963e721e5dd3dadd95974130c7f956854182a22b4b1e2745bb0ce7", "27a196c77b00ac978bce85aaad892c21c3d1b40c5d5ab2233aefc9ef991ec938", "28399c9bf1fdbe27021cc48cd0ac2a64262d835f9775980fa564500af81966bc", "297ab43cb7a120d75cb8a3942496b6fab01dd573fdd698b70ea4f8a1ce92f7a7", "299ad27e5c5483d46bb705137fa4b25300ddbfde255bb8f23fc8fd7bc73488aa", "2a1da226ffa6e354483296da5b596d2fbf8a74a5150109b5cacd319c7d555936", "2ad88566e514e268fe060c41c1b5922f63776a506eec31d38af25fc97f4f0a29", "2ca4372265b75fec35948ce012349f569ccb406ccf10cfd21d1fd2fc3087827d", "2ce6348661ab1257da67901991f4012d489a9d0dad6ca4c5ae6d1a4082076cc7", "2fa271b3377557c9cb3195c59eba4a322cd8f3551a43db3f0e10054f155e34fc", "3017b0179eb8cd39054d814678b1151e03a25970f0b51fb7c9687184b64e195d", "332c799b6f4ac003eae934d6a7859f04fa7c2b91ba7a27fe356c275f2729e365", "335172ab190f11daa97ed2d64876cd68e2144e6a25c3d3d552610d4094f0de61", "34d2e62f783b68849c9255384a068564d86b3d66f96562cada3b0eb6cf73ed9b", "356cd36cea86ddf75d14f185df47019b452f2b391942a7e48f1a69cedc741258", "35908daa36e51011974840ef329a850bb30e70823ec9eb61007c8d6fb538389c", "35b8259a4678360fcdfeac850fe52a90b588b656f669bae56aedd665afea53c8", "379c482d4eaac8c34cc5a193e16ae89041ad2519b286371330da64c0348900a0", "382f28d428e4462ed2846f4b3a331724cf23c598591bf68836546c1bc266a4f6", "396e99e03e61db980c18865230d01bb4316e124428a71d8f13e9a56d0f52c0e8", "3bb41d9a57b0d86f65f60ae2a7895201297fa0f602ddd6804dc1b97222854e57", "3c1750f380975c31bbce61b1364836f3b08df0febdb0aa500f95220ea417e220", "3c309f15f5da0ee28d9317eb0a2e76c4667329570b75f56b8ee31b66408505af", "3c56280acd27a86b7ed78fb0ce0fdd0f94d23a851dbc44fe98cec3c54bd0e500", "3c5a999c477ff821313158c877f9873d3434732682b224786ff88b4b7730bfed", "3d2fdcb819029b6b1875ec54bf211d9e976a01e5929192a232796af18577211f", "3dcff78c5ec8a2f2970e3e6eb228ab589da1c86bf21c002a46d41e762bb25800", "3ddec15973d71aa631f289fa46125e930d4ae8d19e8d3caeee72670bc25b93c1", "3eeca9210111abcb09c8a6ec0fd5914fe027552614eaf21e863f2e130c2d7559", "3f3d3a3468fc5040adcb6607f9ba9c952b9f47bb9010eaa1c46e986e7d8ad74d", "404b6d248b95cc4c8f11e0a05bed456e8337b3908d9fae4041d9213a45341252", "40e118441d96ac3ddcf422bfc1d69091bd4393c9c99be30a6dd34fa0abf9934e", "41f5ed4d95cdca8b75e2b30656fa2c62996017910c400078c24d8525712558e3", "4228d0f821ca3d8d0ad562f864f518754e3198599d6454279bc5d0eed19951db", "424f4f6e3341011c92bb58800c397221f8db631f699fdd12a2a8643661152fdb", "43b080807358eed5ff18cf8ce2a1b937c55fb831522064342ac7357aa83510c7", "43f73277741c224d7427b01181266e693e55598281e653b052583b1d0a255fff", "44a5c9f5141e44a7d37df39567d93e11ea0cae6938798586a93aa9fba3609dcb", "47bbe94c43f12f280e5ec054504fd7186b26f23f1cd117784957fc1e259ad91f", "47e6fd768800a70a1578c4355c9e8ed8e1a54c00f2088a070182f5f34f1916bb", "480098b81028f756929cdbbf478de2f9d0d99f4ea120775191a6275064433ad5", "484c3accf308d696c599c16762711f1300dfed7850e7c40b73450b534dd14c59", "4895ba801ab74fca8bf2846094caa317c4bf71cec5a6e4aeb44e550ec958a0da", "48f8aebb1559b5528414f5b661e6f46bb4736e98ca2d620eda3b06c4b0582b80", "49e58723fd7fc3285df32072e7c4e34002cb5f53ebc81d2127de3c6b7c089f11", "4a562db26d54b1c2faf74273104914be1144273f8eb8cdc9225a1e0e87e0738a", "4d64d0fcae78a60cb12a6388476b863f5dc04f12122b97cabfb8b5949bb70ea6", "533674ca18db673aa4dd489b1113555bc86ef55cd0af8ad3ad7c5a7c24ca297e", "548c7659336f3dbf891e33803dd9a4e3ab3cbc0998e4709c12f63c7edc3f968f", "54e9788a5777942df135bd212d4af4ae835289f38db5b36a56364739b17bd4b1", "558b1eaf942a9620dbcde67816529e31993845cbba941c0cc9e0b02f46f08c09", "5686343217312f03e18fa1da2094a9d6d21e517ecdd15ce4402d64bc85bcc4ec", "56e0bcfe5a8cea122da4f79b0d0e038e52221a7fc92973da80e223527aaf3023", "578ce05f4d6f681ae430021dfacdcb28c1bd9acda14febc24e2e32b47a4f3903", "57cd7af20e1c84e62d736f93c4451bdf68d904886cbd43cbb8c18b89b834b8a3", "5874104cafde91c796232f80b78fdf5e933e9d388f21601211358b6fd077b3ed", "58daa90c95d8bf78322b10ad599647bd64e5cce137e238154d954abd2d016954", "59cdd4d4c3e499ed5b774b6b5e4b04a7714f269823e9cd5f425952a7e88b5d51", "5a25a58303e53c32259b4f12ec655e9c5b9f1771ec5e9d5aaf6f407a5228c3e4", "5a9c2d92d5c193062cbb37c4f1df44d86b4189482d63b207474cecbd67f8c96e", "5aa08156a2265d2f30f5a8dc050694852f45a2e9d859d1e2844b265c4c2d4467", "5e43d3733bfa12bc5eb4088a5223023aeca165182f4a59bc83737dde7a5c9032", "611e0a7c42ef217daf0420244aee12ed0567b21e632a4eea9fd9d4dbb14f6da9", "6200bc7bf3d6677acdadd2db117af31fe898a504e399870c810ea0a91b2e033c", "6277fa967ee6efbd1e451aadd32d30658d32d031d441690f4f4f03e023fc9663", "62f728604f800f9bbdb04828da6c6429c5618a5dd648c5dfdc8e6db7b812a165", "63d1deb3ed078b3a83166077b88d81fc2bdfddbefd5c525e2a7be7cbae033f26", "64738fe0c480bb1efb2be418aa1a6c46b0a3b863c03456e63d0e4a80fc3cf106", "648c9bf8ca9d08ef36931f6ed17da29dd43d0974a3a4769bd61ec6c758ecb2d9", "65296af72a456590a2d44181e91ec9108cb2c15da47ed3334b7db2130e36bd0f", "67b2e459477a3b1e0092abd886794ef8acfc4f71e90ccab8a66c2dc7c003486f", "68cdc458bab95934f9b320266a1cd259af7dbbe8ca51b9c94eb9f49d32769b5a", "69115179a3e8838e2bc4a20a7e2f925739c31c4131b90225414052314585e4e7", "6a4721a11bc2708b42ff18d4c9314e21bd4f75ec406c12628e0d5c50fa2c6353", "6a8949083dfa97dc0d2896c74044a58e2390bda4ba6e9a5045f0a5e66d6d8d0b", "6b078eaaa603fd66cd1affb1a4db66b56de9347f731c4c9c3bcc0eaca3eb4692", "6b5e8b0f7d37b4a14f6af90763f9ecff08959ba5f35e980e6492cf0a6283c76f", "6be108fe3b63ba3ada3a5d5dfd9321238396a3da1a42566e3396b57acde108b9", "6e286cd949bd72a1b0cf9858e0e4f80d92aa94bdd651fb4c98e93a035d951531", "6e8b66225c2e6d46edece68afca0c4722e50bb44ebdf55f1a172e68dc3e5f314", "6e9058db210262d17e2f82eb26c58b6e2995e5353ce03f0bd357459d11a0f843", "6ec4d7d24903348b44b544e67d7aa78555faaf4c5610ce27297a30259eb58221", "6eee70c8fb0cc533669159072fe8803dd09695135e7a6eb7773db21f14b03017", "720669f6c29631b440917c0700b9e5351f6f67292d08548dd71090ec2a0c547c", "72f2ba9c0e1725ac893b3f0a740b0233933fbf8f8acf11f870740d5943df2eef", "7475c2bf22bc7300c93baf582c34c88be91f8f658509395b7ada65634d95942c", "762b68a39581a5f3a40e5106db5d4e6a071064d06c6834858c6b55dabc8ce468", "76ecb66e3de5c9b51b712717e26727b7964398ea8f5330a0adb5dd1c11d394e3", "771d810334b415ebcd4ecb326ece77e16b53332780dec0c615a2eabaee3b7693", "7839f05cdc18a1d4a53aec5ad021f9187779e284c146dcc86e92c9fc9375ca0d", "7936416dca99fcea661bea7a2fe8388a7cbb8552fd67e388c71bc86dfaa03d96", "7a478ab7a98af916eb075dc26bf84a8ba410171c5299bad201312ab14b722283", "7a4ffa4eb0a303b15202b01f71e6f1a36dd3dc62b064cb4ee856aa9c15efd581", "7aa748b1e54dc0edd1dea68913c1531030163041a68bbe9c2d376ca4e2c272d2", "7abac5e864ff201356a77ecaa3713f5a522b1469c5c563cc5a051fd0f5cb842e", "7c3e35912851c3d233bff20ca1b8f84ae570af7b104fbc6bbb8a9ad883b3c53c", "7d02bd1a6f447cb115456d5e35d6e147fc5c930a61ea47aedea2b774c7ed8a71", "7d789a961f9e416616f442c2f09f0cc145f03cc7e6ab8e9a8496b38ec3578a35", "801da02c7e6bdb21ab6a2bab62582277f326f80b0574f797eaee0ec9e6acea93", "805444a9a504bb3b541b42aacf01d36bd3fbd3c34ca57cb2a14eb92b239dc629", "819b0c08bb607eb7a6622faf8a28696f138a0c55725d93c56a16b4ae59864026", "82dcae2d06cdd23a53dd7f48e6659f9f8e558b555d3db3c3aa39e9cc3afbeeb8", "836905d6a25821090a9a5cd1fd1a8fb2a9e0a01138cc611430f8d55bce534eec", "83c51d170b1c0b534c02f96aaf37e94b25bf2a1a37da5b7c0d1aa6029dc8d852", "84befa7cf1406cce9c96fc5f316d8ad50a21b5e2054f5c9a025b4286a3088dfb", "84f75a756d3d1cf8f0e3096415e59a9868f0b024129a87cc445bfac01f882aca", "8600ffad0875aefc355bdc0df03adbd6c36bd4c99192165fc412c859448d1806", "860136c4a5e1185081886a124e2b187155b24dcd460a41d8e1188f4a478ee119", "888b2bc3c92859c714dda57069963e441eb06d7238acc97687578260e459608c", "88e43528abad896fc792d66c68d7e004a5fcda4dfa94b4b0becbc33f3ccea5d5", "88f9a12b45db8b9533839ffd0caedb716c6313e6f0d3bc7b24f56747d9007e2a", "8901619aff29dbda2bf63ed33803aaf9f5b4b5af54a7991afb35c3f9e468ea2a", "8c15d8f7c13ac5a01dde3d578b43d208e7fe640a874da30fe21cea9904841f58", "8cd085681cca900f02cc6fa02955f9a2ffb41c552c0678e7a49fc8c350bfed59", "8cfed369d6ac71327b9a7c6bcb34121ed03b145e51d681d442c0c881d3c4b07f", "8d331bb5bfe686300c2a4da6747daddd63864e344ea6e67cc041c8e04198fc8d", "8de4c3dfc221fa57790b24d55a85dda041856cf862efb30c45ab97dc601fca5c", "8ed6797802e7e144081085111ae017658ef7a05ed0ddd87e8e01d13bbfe6f1ba", "9396db8d9bba5d39ae9cb87bbeef6dcf4a1f7267ca32dd7128f21b64bd326424", "9490cb2450a1c1661460e767b2124cda17c7e5b642ec977cb992b2ef3c97612f", "96ad54f65a08837fdbefbbab0e04211430b7de003ae5867e65a5b626d6eee1fd", "98a0066d54a2b61a8f96647fb8d79473e7baa5df9ede80dd21ea34e3f1c64158", "99332249e6be5e12e2b4eb5dfbe66b165633d2b092a187730a72baaf7da3c4b5", "996169e53b17b9ceaa46fb5d0cf1b2cac6e504b6a3bdb72785159ef54f2c8d27", "99a9f8b0144a65eaa5483d0e04fc4fdf9dad8529e80e2b284ec67fc4b52359a4", "9a38ed6fc7f23810526ca02d0006a82a34c8003789757abbd6ed9a86a7bfe47a", "9d30718300ed17dc06624b61b66ff595d616aa6b7bca42602ac22dc34c91a059", "9db61c91aaa2e67b9f8108dcf69730ac61c6f956c59d23b56b0e1bc39e32653a", "9e8914e8268326ea25c79076792c535f644a32f6ed3ef400bd57301b7bb5459b", "9f04eb6ac5f1147a1bfd41d4fc82ada70a17c0a34905a499be4764e9724a8916", "9ff75b9df00ed03f05dbad042ee1edee8f2048664fb2a51d5fe91703a731c10e", "a0a7c13aa08f615104913c092dc69c4520fd5a70cbde9cd3b2cddd64778ef9de", "a1267a23179c6c619f0fe8d5c45606c857d0b25ba6eb6da9583cb3e8f815d90c", "a1a077f2741441210efb449ff2a764553a22539742baeae8f6c79fdd10239b0b", "a24c3be65de29060a72a250f3d5fb1a930e3bc1c0f2bf1f2cfe4f7753c618cf8", "a35db2ce15883d182676f51d51ad2d90c9c9e4e24b93a17886de829de0bc2f71", "a3c4063ab50cc40c2a7bf507a23074824049bbf226c015cde0818558c66f55d6", "a5b8fd9ac11bf0b0548c07bbc04cb4c9b09c021451db099b39479c6f32042870", "a90e3b591b5ce70873d769c6e24fefe1a5f494ecabbb2c9a2fce4d5fc28c0ba8", "a9c4ee1dace238de0d8ed3bac277d45ceaa1c9c43ba13e45d3337da4f104c4e7", "adb99630afa956fefa6419b222b4d0d88632f75a30ef5f0069dc80d7cedaedad", "ae8a7d657aae386b2f8511f7a0acfa696e82ad7d1f3917dc849f0a69890bc1ea", "af176f07adcf0320611bd69cf6b7678ce45a5f817e2526d6c9dfa45acf17c2d3", "b00a7a838216c3966ef2427cf64704fdf0eb9e71ee05fed6cb76dda5150b8f01", "b0eb93f2147d6659335ac6a0a9801be9e81820f57f50232390201b149161ee1a", "b1d3ea5dbb518a3ca159e7197e8ad78daa3428b777c9dbd44772e11aedb9ab50", "b3782984f07100187592b26b270255d84821b967e84638292e74ac49a8650aa5", "b42b39c96af2ae62ca1035669512d9fb3e78b32f2f532a1f28e95794c9a2fdd9", "b453f7e0287e1cad936b615f6c3c92d64218f93094ca15281c1cadbc9bab4ead", "b5902d420cd8fd293b8163fb8c537cf9ccf58fe701445c70c95d7734d51da8c4", "b5922f323b26f77f8009ff04a2ce728fd1b6cf48068da51f28d81ab93c1e24a3", "b5edc6bb6c43e23e5d1d7f4ddce34e68c01fac58b4459a74bc3d4aa7248fca2c", "b663c1303b2becfa8c02719ff797f0898a5056b88d5ad824b5c285ab2346f8bd", "b70bcd91e3d3de70b784f53b7b2e84acd06515eff6d6bc943cb583158793ad0f", "b75d604557f075d2df9f92e1897553502bb6d58c38dd34bc62a70e1da336ca38", "b976a1c1de3fe7cbb59ae8e71cb261bf072345bf5737a99bb53f9f6840b7d488", "ba494675759d8b2c6192ddecf70cd8c00a500ff73a028e3abbf8ed9683f1126b", "bb115c512f97b99f5baebd01915cbcec86fda82e748946354660eedcc13691fc", "bbde3800f476c797f63e3d36575056eb8606bfca700e4250d89b7dc5ae44b156", "bd2c70cf4d4afeb2c258ad8e4e4f3824831805db81a7eceeb1aaef59709caff6", "bd61ac05cb586d0a2421ce00f9a9a3e8e6386bfeb2aace903a9d17779df09843", "bd8602e2445e67e7480d6cdbd605fd2eb80de3ebfc9223410a44a18dffbe2564", "bda8113db7ad84eea359a3152aa73dc9d6f6b1b14f4920dcbfacbeecf7a09f78", "be41ff3bc9e6e1c5073fe582f1ffd848277404d07ff5d0d1edd75bded0936dda", "be4592ccbe7d27b2706a60d68f079e5e068ced129bcfcbc68b6e61eb0dc6f588", "be86e81737ff989e17ecb7044d5a7b860fdb5699e27ed77daced4aac03968011", "be91008174e9912a9f3d0a3b1e845ddac971d7f7871950637f6d12f955d95a0c", "beb5b49fe153a683cd03c25c6dd88507606b604d8c5f6bf10bf201358c6d6e9e", "bf359703e12919687db39da3da3a2442a206e8356affe568b8705969b60dc333", "c01228796673fbc7e2b83250df8427d59dfe11e1c878749d1884ee288d61bff6", "c0c6e5fd2e02e51e7c8c7c30a9264342df4fbe7ec65eb5a90939d1aa70d3349e", "c0faddb3af5c60111061270089d7a584ce2d398904713f2d2c17010ae9c6d304", "c30078f15b68d4bb05b01e49d404f3bd4dc6f277ce7bc2dd553964e25e961b39", "c55dd1b633e845cfe72b64aa1c786ac0bd6b7d5e39125e243ebc17ba8f04c0ef", "c64dbd4c3c99452e795d27cf1b0cde5d04e2322dd66786862e776ca384d72c78", "ca5248ad355a4d6d18ec256cd8e12931900dbea99a9f1dba698e81168122415b", "cad4e8205bcc3d334b1f802ba290239c01627206415e9efd1f1acfd620e6e719", "cb66ec4700b2cfadf41827c1af6f5449d91397cb2304a2ecc5719a189ad996c8", "cc26bf391412443426493e97909aea7fc132b7a7dcbf186b56161401a563e1c6", "cc490762bf490b059966b2008f2a196d5aa840cd10378d939f0a12a94b05e4bf", "cd4de902d08baa4f8880b0a1af6977fa8e06432fe11a9560b4ef1f44970c9f2f", "cdc70d74c84eb93c70ed64f324101af0877425f325a87de1234b5f7346b137b2", "ce5f3696826b249514ae244cae32a730453e5e8300cbb601b42e14252571e4f4", "cf0e3420135e97078e533a9cca7fe23e416b9f15d33c4b6a2cb39922b879e58a", "d03eb35a8f07fbc59769c95e55ccd9b400a093db0a479bb50ccf80335894e685", "d04f18cd47ea12a347b7470e3819cdfbc7bf309db0ba487c98f4fcc25e862c42", "d0537e2fa260863d77852c63a27d0e7218349bd9a12c3d6a3256ede1427a93b5", "d126f82ee3d6819defff92a6c550ac17bb2c2745e97cc5fb316d2fb5547e4d51", "d219899a51ba737ebd6a579ca8617f7ef28c31e90746675725a0cbbffe7c9592", "d21cbdbf49edcba7ab940bb2ceea2e99dd89c2f337da628caa7e241cf7a98d46", "d26178275f11cc1bc7cce292debfb088b968200c5129bbaab17318c84ba28c05", "d29859c078489bb339aa5cd22dec9f5869573616778c0fc43b2c89186e4a3d4e", "d3acef707869fb4b8021fa4c1369160dc5abd2f4895497b9818379fe777eda74", "d44a2e745ae89e47aef65b53eb453aee6b58dd90c05d6e341f8dfb89c297cd48", "d4551275bc18db7c563794bcf79f357d2801a812b7be08b958b9c32100d7fb3d", "d46999d2511081d6bc17b35cb8976d45fb554807360b5f05c9f23f660f9e645e", "d4727be026ff8dc65a99518717bbfa615571164c0b8f7a9b3179cfa915a30064", "d59b75607391f813811b2e5ae0aa584f5720975b8eacb1b0c03278b51e483608", "d5a29787a3ce82ff8078c9e8bb15e6a113b1d7e415f50cd4244b82e8b22b8b2c", "d828e8335c5ce359e0fbc78bceee0a88a6ab29298810618c9f309705a7fb21a3", "d84fc4cf2bfcdd6ab1799ff28d3f5b01106b45c0105dace601c1514a1f3ec561", "d8c1c58d837b5325becb2b00d6b8ae9479c60014abaacd10782a85dd0cc2b848", "d90466c74218a66595106c5dea9f447bb9e57a824e57b4a05159b8fa9160e58b", "d9184db9fa29f5ea6ff80c26da7e534bba6a92aee9161ae2a197f28af4473ed7", "d997b96b49f70a2f2f3e3d5b4c2758d802df5bfd98e57f1eb090aab1c97a4b42", "d9fe09aa90456299cdde1604a0c35b90a0d489b0c42bbdf1a1f81968b1f34361", "da72c2600cc37e43aecc5ef6e61162ad4daac8db550e070a09c8ff08161a8082", "db79dfdfbd928a9a401636a04b6851008f58bdbdb50e6aaf16a0f696c4dc3ee5", "dc186b4d5552ee41ec2aad5401bd0ef4f6d0d152fe5d485b6cbec76f8fcf19a4", "dcf677c0a31380414ccdaef4fa66011c7ca01458a09e72d2db5024b2a728541d", "dd78b4e6b361a1fed9daee4dca3633fb5b357b6d7cb3f544dac531cf914a270b", "ddf6500414435c124bfdb543b61a556ddccc535abf8d9d9e4f95ddc9d2b247a6", "ded268b0213ee5be8d44bbc040ed46775179b9a6530a42fea36c8d73c93b587c", "df874172d98675b696624964dbdc369efade1295f84b13ecf8babc08585a6be4", "dfffa2a8c6bfc8c26d356d5e4cf99d973d9a8863eb582750fdb57120fccc892b", "e00a09cfa5d11b62e465d91ec6a8f7d5355ead96779debfacf91a25f5cc57506", "e22474037240f6bfe8f4e2dd71c788674023d6099e49dc17678b191c0c569a99", "e2af2217a58b04529140f5a443485428e8aefbb43dbaef50eab049f90c48e139", "e30f419ec7c41409e3c6c69a7cb2d5957fec8f9b49d16539115a8b381e481fa4", "e36a2c499dd347e0a82bace04f0a667e11bd441f9cd961f00765f97abd72cea6", "e3e5da1bec008c3434776032527de77a5a7379887fcb22a5a87c19ebd01b2c25", "e4dcf2a4a4d6d15ddb76a36587cf4072a4b96d0635692741f1357c85ab77b542", "e7255f30bc0edf6f5076f07dadb40cb8928e7c43ac48a34e36fb07d100b1c05e", "e78f205649189b79effd756d69ecd85808531e4fb4e95faa1aa17e80e8f98cb9", "ea5fc6329824f840d9ceb21210280f3d3edb43fcdf6168c85717dfe26e7fb072", "ec153cf66c039a4c5fa9ad59c3b21a54f86ae315568151a3081532a361a4de12", "ec36c54a74459da279e9111a3073f90129994a2a8449129d8f0a063f53b7cbc3", "ec56bc1f3b66f7ee99ab24eeaa40ff30b23ddfe0bba4dbbb3320229245e715df", "ecd7968a94eeb6898e5a5aa395e95d6cbde025de5ee32bcbc9fcc827839974fa", "ed117976aad0f2eaf32158bc2cfd07088c3c5f4df35901161bf2cb4cff8cca47", "ed7c7925f6c9a7846ea763e8bb31ebfdac9e1052c3d6d0929dd206cba691b546", "edbf8696f1975702dfa484b2aaed0eddbd22edf59c5f3630fc9dc3c91a03c4c5", "efdd3a898af23c543cbc43536b3d48abd61fa0551c1386269ca6bdc501c47a47", "f141ca2af0544fbf9fad93b6d2892fee5347ac033e60f64c25f4bc55953e7dc0", "f3c1ecdbf760201ea90054160b27980fb250984faab7a9c169a526a289fd7803", "f73d13000cbfdf8c27fcb92e00fcbece782b1cf7daaf9e1e6164ddc649fb5798", "f89e6a0e2e63335c9c1e7337c7f9b670a5989b80d7861a0efee724cc49796d0a", "f9d8f924f42006c365624f841e36d7b104cf92137ac1e3597cf3761cf1ba1fae", "f9dfd880b4c87472cff352cd58ad7786189f67e7a15b62e4a6a0563c1a22b4af", "f9e8d47c2b647e7f0ab45ad95076d42927eb8492c87d5486d0a6bb5fa6a7a936", "fba81201963e85be21c90c5a008590c1f3420566d204f4e1e07462f13e16342a", "fbf89f0e461d600b33c74085c28da128877aba205de721022ebe58b613dd4b84", "fc1a276a52c846655375a42a1a78b5be1b9ca05a2dae013bf23f612e45646be1", "fd6b4c143665b357978b5ef7fedb0e08b7ce8516c56870208b2a2ae7cc53b617", "fe0fa496128743306aa0a1c2c6050713d1ecf2d1217547966a7ad54197f0c957", "fe3d91cdd7a55ee1f1b7cace2f19447e590c1045c039312f13572a23b8416abb", "fe7a15813bb0b4ee7ce80a5b5c79c6c36a037a0758c00a90b9782fcfe84c844e", "fe932e3aeaf87640badf6b7c6ac2cde843ceff2df321c0fbc8b18c4bb18870e3", "fe9b60f8f348ebceb9ea22a4fda9255f40308a2fda7f240215170718567b1eac", "ffacc7bc8ebd36f698d8530d66ceb832dba0c6897f436dcbc6c9046aefb866ae", "fff812037a8db427434b3bad00fde8f5e6cf0b5c82cf0bad099540a61325fe34"], "iocs": {"domain": [], "file": [{"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "%SystemRoot%\\system.ini"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "\\TEMP\\autorun.inf"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "\\config.sys"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "%SystemRoot%\\winstart.bat"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "\\autoexec.bat"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "\\TEMP\\winlogon.exe"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "\\TEMP\\AGENT.exe"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "\\TEMP\\SLEEP_TEST.sys"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "\\TEMP\\SPOOKY.sys"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "\\TEMP\\VAGRANT.exe"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "\\TEMP\\VIRUS.txt"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "\\TEMP\\wininit.ini"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "%SystemRoot%\\dosstart.bat"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "%System16%\\autoexec.nt"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "path": "%System16%\\config.nt"}], "ip": [], "mutex": [{"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "name": "Global\\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!010a0"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "name": "Global\\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!011ba4"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "name": "Global\\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!012c2c"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "name": "Global\\C::Users:Administrator:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!014d3c"}], "registry": [{"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SR", "value_name": "Start"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\INSTALLER", "value_name": "DisableMSI"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\NOTIFY", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\INSTALLER", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNSERVICES", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWSFIREWALL", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SR", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ALERTER", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ALERTER", "value_name": "Start"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "DisableCAD"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WINRAR", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WINRAR\\SHELL", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\WINRAR\\SHELL\\OPEN", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "SFCDisable"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\INTERNET EXPLORER", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\INTERNET EXPLORER\\CONTROLPANEL", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\WINDOWSUPDATE", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\CLASSES\\FILTER", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\INTERNET EXPLORER\\DESKTOP", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\INTERNET EXPLORER\\DESKTOP\\COMPONENTS", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\CTF\\LANGBARADDIN", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\SHAREDTASKSCHEDULER", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\APPSETUP", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\POLICIES", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCEEX", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\SYSTEM\\SCRIPTS", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\TERMINAL SERVER\\WDS\\RDPWD\\STARTUPPROGRAMS", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\MEDIAPLAYER\\PREFERENCES\\MSLD", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\WINDOWS", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\SYSTEM", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\UIHOST", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMATERS", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMATERS\\PROTOCOL_CATELOG9", "value_name": null}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWSFIREWALL", "value_name": "EnableFirewall"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "Security Center"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\SYSTEM", "value_name": "DisableCMD"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SERVICEGROUPORDER", "value_name": "LOL"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\POLICIES\\INTERNET EXPLORER\\CONTROLPANEL", "value_name": "HomePage"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableChangePassword"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\INTERNET EXPLORER\\MAIN\\FEATURECONTROL\\FEATURE_WEBOC_POPUPMANAGEMENT", "value_name": "iexplorer.exe"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "Start"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\WINDOWSUPDATE", "value_name": "DisableWindowsUpdateAccess"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Shell"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\UIHOST", "value_name": "Shell"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}, {"hashes": ["0021a7ecd30ec9e7d784c42ae64271b6048666c0a24505f7b35ef6398c6e67de", "009086e24a5a00bddd3eba55592afdacdb8af0348aa92689317b53da6e75fe31", "04697012f791c6f216166eb1f51ff28acdbfdc1d48bba4519e5f87fcec3ccc81", "057c03cf6a446c6e6cc69410735bc5566aca6b67e6a0e6a047e599733f158aec", "0655d055f9828c562a1b8c595da7cdffd364e6cc8f8cb4fb2dace02def3a72a2", "06c6175c09dc4990aa5a585910133b1654d5ad9e830e055f0485eedcd9ccbf03", "06d5e06ed0350ba3aceed5c8c4dc51a823a96356de2c643c3f82e0168b3c45e3", "0942b6c9cae0fde214be04c00f82df9ba16b8807c15e9d77794c1eeaee529ee6", "09b3aea967bd842df4122c7fe680177c8f61c1db2d7fab4b718226f3f49e0a88", "0bb8cc324149c2667dd7ad9a3b0485ecfe28fc2d987351d3291eb6674d158f06", "0c6665ef8f2b001e2b59c003d1b16620f914ef1b2942eb75042246c2a03a2acc", "111969b54597e9302f881219a619bc5575860c6c7145cd7420c5d5ed3e7678f1", "111a4c38d54f738ec137dbdb05fbca0b836297c1f1bdbe0d14af8c184c1e8285", "1236be8ea5e03b19cdd1e426d363f3048ca0a0a2ca95bdb85354463ca2bb12ef", "126bcb577c45b6a6d50686d695c7cf499ca56f3565b97a50b75fcfa1cd5436ef", "13a8758f0372e94b3150a99d0f9eaba106888969602e97f111d8d9754bba5898", "14519a8eea3064280ee285be6d20a9b115235a87911d4acd810a104136d941be", "155ee1b57f1b81a893d8b4dc1e4d82bfc41aba7efa230efde3d4d799dd8bab96", "165b625e83b0384f62ddce37be56c40f8f9edb963f6db4ce2ecc64eb76e48393", "16bd1b3ae60631d1c6a5930370439c450a9dc7caf0bf830639211d639975ec26", "16c0c7b6e6442a4c0474ca5d191264a720a21ea403c666bd7250730e6cc743ad", "16f83afc6db86047f9e4052d1dbed7bbb863ef9b97b6952992da9dc1b5d3c37c", "17154f668675360454fa5d307bdfa6460f2ac7c774934d823011290882f2d783", "17853c83a9406c9ac07a189d3b968187f6c784f454da643ff816052e056e44f4", "18140ff47b13e4a95522916681d8c47382fd7590730a2d03254119d09042d170"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMATERS\\PROTOCOL_CATELOG9", "value_name": "LOL"}]}, "reports_count": 25}, "exprev": [], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2023-11-10T14:53:44+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.njRAT-10013547-0", "Win.Dropper.Zeus-10013588-0", "Win.Dropper.Tofsee-10013531-0", "Win.Dropper.Glupteba-10013467-0", "Win.Downloader.Upatre-10013406-0", "Win.Malware.Diztakun-10013372-0", "Doc.Malware.Valyria-10013349-0"]}