{"Doc.Downloader.Emotet-9619866-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "document-contains-vbforms", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "macro-contains-random-vars", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "vba-document-open", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0002", "TA0001", "T1064"]}, {"bi": "document-single-page", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "document-contains-vba-macro", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0002", "TA0001", "T1173", "T1193"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "document-embedded-low-content", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "wmi-process-create", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "TA0002", "T1218", "T1047"]}, {"bi": "powershell-encoded-buffer", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "TA0002", "T1086", "T1202"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "registry-powershell-ras-dll-loaded", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011", "T1086"]}, {"bi": "document-direct-ip-traffic", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-snort-policy", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "document-exe-dropped", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0002", "T1173"]}, {"bi": "nginx-webserver-detected", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-http-numeric-ip", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-fast-flux-domain", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "document-launch-powershell", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "document-network-traffic", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-communications-http-post", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "powershell-encoded-obfuscated-cmdline", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "powershell-remote-code-execution", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011", "T1086"]}, {"bi": "document-wmi-process-create", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "T1218"]}, {"bi": "vba-compound-random-network-communications", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "document-min-and-embedded-network-traffic", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "word-document-heuristics-compound", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0002", "TA0001", "T1064", "T1193"]}, {"bi": "network-dns-doc-network-traffic", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "vba-compound-random-generic", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "feed-domain-document-network-traffic", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-snort-indicator-shellcode", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "url-forced-download-prompt", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "T1105"]}, {"bi": "network-downloaded-executable", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-file-exe", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "network-dns-download-executable", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "network-downloaded-executed-from", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-downloaded-executable-service", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-downloaded-obfuscated-executable", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "mitre_attack_tags": ["TA0005", "T1027", "T1105"]}, {"bi": "pe-invalid-checksum", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc"], "mitre_attack_tags": []}, {"bi": "malware-document-av", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6"], "mitre_attack_tags": []}], "category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a modular threat that can deliver a variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "cc9db60bfe6467f7ceb317b1b77957bda4e257542115497f41ac954eee181033", "d17e73b6a241eea7ffecd6a41d7eda43f8fc77026903c80e976f4e0c9767d87e", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "dbd4036211333580d8474c3b0fee1ec5bde92567eedebbe282a0cb9d15e125c8", "e34f23f09b0872b840af07855eb114ad0f82e8447df7d862ffbe78920c9996f3", "e48d148e079b1855deddfcde17ba1fff0bb75be38633a763144a5e2f1d5015ef", "e96c090321f70b2a84ee8787f30d0aef3bef7d96cb6e824b606150d679bb790a", "ee5b26f7dbc40375d2d781dd7a3416fe3ab88627a750af6fcb85eade50dbb026", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f", "f36e5717d0ba23b6ce2a8e498ea46168f20e9bc680704e7f1e0340b53992bf1c", "ff9b241b468082f5ff182f105e15fee37c49995afb6574d3a4eda375c488365b"], "iocs": {"domain": [{"hashes": ["005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f"], "host": "sindicatodeseguridad[.]com"}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f"], "host": "e13678[.]dspb[.]akamaiedge[.]net"}], "file": [{"hashes": ["005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f"], "path": "%HOMEPATH%\\Yt_y5jN"}, {"hashes": ["005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f"], "path": "%HOMEPATH%\\Yt_y5jN\\nKmZfVz"}, {"hashes": ["005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f"], "path": "%HOMEPATH%\\Yt_y5jn\\Nkmzfvz\\Sp3k7gus.exe"}, {"hashes": ["005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3"], "path": "%System32%\\raserver\\NPSMDesktopProvider.exe (copy)"}, {"hashes": ["530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc"], "path": "%System32%\\InstallAgent\\LockScreenContent.exe (copy)"}, {"hashes": ["60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d"], "path": "%SystemRoot%\\SysWOW64\\taskeng"}, {"hashes": ["5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a"], "path": "%System32%\\drtprov\\KBDMAC.exe (copy)"}, {"hashes": ["03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4"], "path": "%System32%\\pid\\netjoin.exe (copy)"}, {"hashes": ["37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea"], "path": "%System32%\\iesysprep\\LocationGeofences.exe (copy)"}, {"hashes": ["ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293"], "path": "%System32%\\msobjs\\mskeyprotect.exe (copy)"}, {"hashes": ["8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19"], "path": "%System32%\\mscat32\\MSFlacDecoder.exe (copy)"}, {"hashes": ["13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd"], "path": "%System32%\\ngctasks\\msxml6r.exe (copy)"}, {"hashes": ["39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a"], "path": "%System32%\\setbcdlocale\\osbaseln.exe (copy)"}, {"hashes": ["0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699"], "path": "%System32%\\mfvdsp\\msaudite.exe (copy)"}, {"hashes": ["9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee"], "path": "%System32%\\KBDINASA\\MDMAgent.exe (copy)"}, {"hashes": ["84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce"], "path": "%System32%\\webcheck\\EmailApis.exe (copy)"}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d"], "path": "%System32%\\NcaSvc\\mstext40.exe (copy)"}, {"hashes": ["9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f"], "path": "%System32%\\msxbde40\\msscp.exe (copy)"}, {"hashes": ["2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c"], "path": "%System32%\\ActionQueue\\hhsetup.exe (copy)"}, {"hashes": ["380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "path": "%System32%\\MP3DMOD\\msdmo.exe (copy)"}, {"hashes": ["41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2"], "path": "%System32%\\setupetw\\PackageStateRoaming.exe (copy)"}, {"hashes": ["631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481"], "path": "%System32%\\MSWB7\\msrle32.exe (copy)"}, {"hashes": ["bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa"], "path": "%System32%\\MapControlCore\\moshost.exe (copy)"}], "ip": [{"hashes": ["005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f"], "ip": "50[.]121[.]220[.]50"}, {"hashes": ["005325575d0ddbf7aec9594a763e56fcc14abfd856946c12a1509c79ed17f8dc", "03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4", "040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4", "3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35", "39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a", "41cc987e92831331507bf07c6e6635971148a2e8f1d81c2324fed8cf612c2cb2", "530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455", "5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc", "8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19", "9d114841ba6da315c87716d1decfb1baa3cb6cb2ca29266329a317c893370f9f", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa", "ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293", "d3d3df5eabf6515471f7bcfaf954be245c843c4f6f324c9d4c4ef1d463c70029", "f1ce407ecfa5849ffff5d217f4c38393479e0d48a758785364b4bf0e6592ec8f"], "ip": "81[.]169[.]145[.]94"}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d"], "ip": "204[.]79[.]197[.]200"}], "mutex": [], "registry": [{"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": null}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Type"}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Start"}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ErrorControl"}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ImagePath"}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "DisplayName"}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "WOW64"}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "ObjectName"}, {"hashes": ["040f519923edd040b77e610b9928e938c2bf3553390a011c9b28499af1a5e87d", "0f4310db63ae6642dc990b17657155bc953ea205fc152628816d0b3102f53699", "13395480728601e6b67c7e01322f384949f98c91ba17cf4f36c39463bb168fcd", "2d3eaebc55dcb73142a4c137f0b6b3d3af9bfd7a3df0f6ede0556e077a2e817c", "37a52d71ece62cad2a708882c8c6d9a68918ed8cbd5c6bbeb3d8fb1d62f51cea", "5388831073b175702bdf8e8a8abed37a7448f76884e34abdc179cc5748e1d91a", "60baed172cf35a78dd78d4c95a7866fa0d2d44b190f4d2ad7d1a5012332cd70d", "84681632f20394f4915badee1115455244c7b9230558bd38b65cca9c6ca20bce", "9f94d47fc752edcc692c4a93ac71b18af8143c69d6c6301a1ed57a4b3eb029ee", "bf12044c256ca7078037769931b69191298f89d88f874e8076220fc0c47e20aa"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\<random, matching '[A-Z0-9]{8}'>", "value_name": "Description"}, {"hashes": ["5ad7061c5a437ca0a7f358c7e8b9494ba6ee003ae6ea933b936647dbf7c856c6"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MIBINCODEC", "value_name": "ImagePath"}, {"hashes": ["380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMPUTERDEFAULTS", "value_name": "ImagePath"}, {"hashes": ["631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDURDU", "value_name": "Description"}, {"hashes": ["56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TXFLOG", "value_name": "ImagePath"}, {"hashes": ["2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ONLINEIDCPL", "value_name": "ImagePath"}, {"hashes": ["631a8626457099b376007028e7ddd99899a6b99d925ff306ca79c4413814d481"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDURDU", "value_name": "ImagePath"}, {"hashes": ["530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PRVDMOFCOMP", "value_name": "ImagePath"}, {"hashes": ["8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0026", "value_name": "Description"}, {"hashes": ["380ec7963c4ae61fe23694d6d55c5fadd6e0b3edd1703a68eae08a19a45deef4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\COMPUTERDEFAULTS", "value_name": "Description"}, {"hashes": ["3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NETWORKITEMFACTORY", "value_name": "ImagePath"}, {"hashes": ["3912572607dde23ef906cc198ef93a9ecf84792c73bab6453018d430f5bddc35"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NETWORKITEMFACTORY", "value_name": "Description"}, {"hashes": ["39341f8c39d9397c55c0b7d2fd8900a53a1a31102b472049adcbd285a226ec6a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSDATA0018", "value_name": "ImagePath"}, {"hashes": ["03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MMCICO", "value_name": "ImagePath"}, {"hashes": ["03da988ff6a60cb9d289fff840624b9e96b880c01038823dfe75427d6cf1c8e4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MMCICO", "value_name": "Description"}, {"hashes": ["530048acdaab8b2319906709eff1ff80f8a4d9faf499636f5fae1183bcd36cc0"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\PRVDMOFCOMP", "value_name": "Description"}, {"hashes": ["2bda437f09055e67fa0c1d952b205163dc7b14127a35cdbd9fcb537df3625ca3"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\ONLINEIDCPL", "value_name": "Description"}, {"hashes": ["8f40611a222c4fb8e27120fb520be8d93e4aa213e7de94ad906995eb75d3dc19"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDGKL", "value_name": "ImagePath"}, {"hashes": ["56755cb9f435a575b6cf95eb11ebdf48edb89a7819e943711011aa67a6950455"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\TXFLOG", "value_name": "Description"}, {"hashes": ["8a837c90cc69c5cbecf3dc77435760f26695216fc2205bed858900192a21e3cc"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NLSLEXICONS0026", "value_name": "ImagePath"}, {"hashes": ["ca3a968ced4668226b426782a2d4796750d6f445abd41022be05620ec34bc293"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NATIVEHOOKS", "value_name": "Description"}]}, "reports_count": 27}, "Win.Dropper.Glupteba-9622152-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "e58be00166c4ad9d98a1bddeaad1ddb9e8963f8b5c29d1e64fcf2b32cec7792f", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "b036c3198cd726b3a26c01addc66485a8db8f43a8b46865fb5917d4924fa307d", "e6cf436b4f2826f5c08cf759c5115c090e244c6e663ececf31baebf0fb88e6fc", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "912dae86e4a8900fd638577498b104a044566ec1f383325b54ac3f7700f1cb57", "6d25ac88ccd2415a7d5a79c3a4a16627e02dea3393bfecda5d8c12526828f68c", "5670199aa0a3dd81555823a2605a27600bb3c363aaa83fd5800ba184bce20b7a", "e20ba316d143b2da20e1edf92c9199d8f84f1c787f10af230fa604197a863208", "fb1057dc18d7bc29ec601279a1b7be92a98fd98e1e366db5b6c0621954fa4cc9", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "e58be00166c4ad9d98a1bddeaad1ddb9e8963f8b5c29d1e64fcf2b32cec7792f", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "b036c3198cd726b3a26c01addc66485a8db8f43a8b46865fb5917d4924fa307d", "e6cf436b4f2826f5c08cf759c5115c090e244c6e663ececf31baebf0fb88e6fc", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "912dae86e4a8900fd638577498b104a044566ec1f383325b54ac3f7700f1cb57", "6d25ac88ccd2415a7d5a79c3a4a16627e02dea3393bfecda5d8c12526828f68c", "5670199aa0a3dd81555823a2605a27600bb3c363aaa83fd5800ba184bce20b7a", "e20ba316d143b2da20e1edf92c9199d8f84f1c787f10af230fa604197a863208", "fb1057dc18d7bc29ec601279a1b7be92a98fd98e1e366db5b6c0621954fa4cc9", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "e58be00166c4ad9d98a1bddeaad1ddb9e8963f8b5c29d1e64fcf2b32cec7792f", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "b036c3198cd726b3a26c01addc66485a8db8f43a8b46865fb5917d4924fa307d", "e6cf436b4f2826f5c08cf759c5115c090e244c6e663ececf31baebf0fb88e6fc", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "912dae86e4a8900fd638577498b104a044566ec1f383325b54ac3f7700f1cb57", "6d25ac88ccd2415a7d5a79c3a4a16627e02dea3393bfecda5d8c12526828f68c", "5670199aa0a3dd81555823a2605a27600bb3c363aaa83fd5800ba184bce20b7a", "e20ba316d143b2da20e1edf92c9199d8f84f1c787f10af230fa604197a863208", "fb1057dc18d7bc29ec601279a1b7be92a98fd98e1e366db5b6c0621954fa4cc9", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "e58be00166c4ad9d98a1bddeaad1ddb9e8963f8b5c29d1e64fcf2b32cec7792f", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "e6cf436b4f2826f5c08cf759c5115c090e244c6e663ececf31baebf0fb88e6fc", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "process-long-cmdline", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "listening-port-opened", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "artifact-windows-task", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "registry-autorun-key-modified", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "windows-util-schtask", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "potential-registry-persistence", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "artifact-flagged-vm", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "modified-file-in-system-dir", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "pe-imports-empty", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "process-with-multiple-children", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "netsh-firewall-generic", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "pe-imports-exe", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-antianalysis", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-virtualbox", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "registry-service-type-modified", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "pe-header-subsystem", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "enumeration-bcdedit", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "artifact-av-detect", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1063"]}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "pe-artifact-invalid-certificate-signature", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "windows-util-bcdedit", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "sc-service-security-descriptor-modified", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "sc-service-security-descriptor-deny", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "pe-invalid-checksum", "hashes": ["e58be00166c4ad9d98a1bddeaad1ddb9e8963f8b5c29d1e64fcf2b32cec7792f", "b036c3198cd726b3a26c01addc66485a8db8f43a8b46865fb5917d4924fa307d", "e6cf436b4f2826f5c08cf759c5115c090e244c6e663ececf31baebf0fb88e6fc", "912dae86e4a8900fd638577498b104a044566ec1f383325b54ac3f7700f1cb57", "6d25ac88ccd2415a7d5a79c3a4a16627e02dea3393bfecda5d8c12526828f68c", "5670199aa0a3dd81555823a2605a27600bb3c363aaa83fd5800ba184bce20b7a", "e20ba316d143b2da20e1edf92c9199d8f84f1c787f10af230fa604197a863208", "fb1057dc18d7bc29ec601279a1b7be92a98fd98e1e366db5b6c0621954fa4cc9"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["b036c3198cd726b3a26c01addc66485a8db8f43a8b46865fb5917d4924fa307d", "912dae86e4a8900fd638577498b104a044566ec1f383325b54ac3f7700f1cb57", "6d25ac88ccd2415a7d5a79c3a4a16627e02dea3393bfecda5d8c12526828f68c", "5670199aa0a3dd81555823a2605a27600bb3c363aaa83fd5800ba184bce20b7a", "e20ba316d143b2da20e1edf92c9199d8f84f1c787f10af230fa604197a863208", "fb1057dc18d7bc29ec601279a1b7be92a98fd98e1e366db5b6c0621954fa4cc9"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "http-response-client-error", "hashes": ["ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}, {"bi": "electrum-coinminer-detected", "hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Glupteba is a multi-purpose trojan that is known to use the infected machine to mine cryptocurrency and also steals sensitive information like usernames and passwords, spreads over the network using exploits like EternalBlue, and leverages a rootkit component to remain hidden. Glupteba has also been observed using the Bitcoin blockchain to store configuration information.", "hashes": ["5670199aa0a3dd81555823a2605a27600bb3c363aaa83fd5800ba184bce20b7a", "614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "6d25ac88ccd2415a7d5a79c3a4a16627e02dea3393bfecda5d8c12526828f68c", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "912dae86e4a8900fd638577498b104a044566ec1f383325b54ac3f7700f1cb57", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "b036c3198cd726b3a26c01addc66485a8db8f43a8b46865fb5917d4924fa307d", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "e20ba316d143b2da20e1edf92c9199d8f84f1c787f10af230fa604197a863208", "e58be00166c4ad9d98a1bddeaad1ddb9e8963f8b5c29d1e64fcf2b32cec7792f", "e6cf436b4f2826f5c08cf759c5115c090e244c6e663ececf31baebf0fb88e6fc", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b", "fb1057dc18d7bc29ec601279a1b7be92a98fd98e1e366db5b6c0621954fa4cc9"], "iocs": {"domain": [{"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "host": "vsblobprodscussu5shard60[.]blob[.]core[.]windows[.]net"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "host": "vsblobprodscussu5shard35[.]blob[.]core[.]windows[.]net"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "host": "bbistrovantonbb[.]com"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "host": "raw[.]githubusercontent[.]com"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "host": "yuio[.]top"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "host": "dragon085[.]startdedicated[.]de"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "host": "electrumx[.]electricnewyear[.]net"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366"], "host": "3da53086-4bcb-43b0-ad47-2ffbf815ec2a[.]server1[.]2makestorage[.]com"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366"], "host": "3da53086-4bcb-43b0-ad47-2ffbf815ec2a[.]server1[.]sndvoices[.]com"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366"], "host": "3da53086-4bcb-43b0-ad47-2ffbf815ec2a[.]server3[.]easywbdesign[.]com"}, {"hashes": ["ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4"], "host": "58ad11f1-d032-4975-96d8-fb3a8f088d23[.]server2[.]sndvoices[.]com"}, {"hashes": ["ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4"], "host": "58ad11f1-d032-4975-96d8-fb3a8f088d23[.]server4[.]easywbdesign[.]com"}, {"hashes": ["fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "host": "ec923cc8-b4f7-4944-a089-ebb2522bb210[.]server3[.]easywbdesign[.]com"}, {"hashes": ["fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "host": "ec923cc8-b4f7-4944-a089-ebb2522bb210[.]server3[.]sndvoices[.]com"}, {"hashes": ["a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2"], "host": "33e2874d-00ce-417d-a487-6fc888b62a43[.]server1[.]2makestorage[.]com"}, {"hashes": ["a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2"], "host": "33e2874d-00ce-417d-a487-6fc888b62a43[.]server2[.]easywbdesign[.]com"}, {"hashes": ["a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2"], "host": "33e2874d-00ce-417d-a487-6fc888b62a43[.]server3[.]sndvoices[.]com"}, {"hashes": ["7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c"], "host": "3a5443d4-9e76-479b-b8c6-383c3acfe191[.]server1[.]sndvoices[.]com"}, {"hashes": ["7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c"], "host": "3a5443d4-9e76-479b-b8c6-383c3acfe191[.]server2[.]2makestorage[.]com"}, {"hashes": ["7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c"], "host": "3a5443d4-9e76-479b-b8c6-383c3acfe191[.]server3[.]easywbdesign[.]com"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "host": "9f1361f6-1c00-44b0-b0c4-84cf5197de8f[.]server2[.]2makestorage[.]com"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "host": "9f1361f6-1c00-44b0-b0c4-84cf5197de8f[.]server2[.]easywbdesign[.]com"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "host": "9f1361f6-1c00-44b0-b0c4-84cf5197de8f[.]server3[.]sndvoices[.]com"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "host": "e2[.]keff[.]org"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "host": "rbx[.]curalle[.]ovh"}, {"hashes": ["8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611"], "host": "5ae479b6-060f-4cbf-a4f2-f5af7e32ff4e[.]server2[.]sndvoices[.]com"}, {"hashes": ["bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce"], "host": "bbda4b8a-084f-4d0c-8e36-c72af60c08b5[.]server1[.]sndvoices[.]com"}, {"hashes": ["8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611"], "host": "5ae479b6-060f-4cbf-a4f2-f5af7e32ff4e[.]server4[.]2makestorage[.]com"}, {"hashes": ["bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce"], "host": "bbda4b8a-084f-4d0c-8e36-c72af60c08b5[.]server3[.]2makestorage[.]com"}, {"hashes": ["8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611"], "host": "5ae479b6-060f-4cbf-a4f2-f5af7e32ff4e[.]server4[.]easywbdesign[.]com"}, {"hashes": ["bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce"], "host": "bbda4b8a-084f-4d0c-8e36-c72af60c08b5[.]server4[.]easywbdesign[.]com"}, {"hashes": ["7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c"], "host": "af3391fa-41ae-4a2d-8967-384f2e64cd67[.]server2[.]sndvoices[.]com"}, {"hashes": ["8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611"], "host": "38a5a730-ef70-4cad-86ec-441c2879ddf0[.]server3[.]sndvoices[.]com"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "host": "7e180943-3a13-46ed-a1b8-5750594a0aaf[.]server3[.]easywbdesign[.]com"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366"], "host": "c27e28a3-3d0e-4317-b27d-4e1f6fc549be[.]server3[.]easywbdesign[.]com"}, {"hashes": ["a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2"], "host": "5aeb7079-1f58-43a4-a75e-63e3ed1da563[.]server1[.]easywbdesign[.]com"}, {"hashes": ["bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce"], "host": "a81b82cf-e58c-4581-a134-6fd429f88208[.]server3[.]sndvoices[.]com"}, {"hashes": ["bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce"], "host": "a81b82cf-e58c-4581-a134-6fd429f88208[.]server1[.]easywbdesign[.]com"}, {"hashes": ["ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4"], "host": "4e760618-9a82-418a-9b5f-d79a828f5ceb[.]server2[.]easywbdesign[.]com"}, {"hashes": ["ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4"], "host": "4e760618-9a82-418a-9b5f-d79a828f5ceb[.]server3[.]sndvoices[.]com"}, {"hashes": ["fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "host": "cf919f6a-fea2-46ad-9452-7358dd5e4698[.]server2[.]easywbdesign[.]com"}], "file": [{"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%SystemRoot%\\Logs\\CBS\\CBS.log"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%SystemRoot%\\rss"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\csrss"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\csrss\\dsefix.exe"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\Symbols"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\Symbols\\ntkrnlmp.pdb\\9E22A5947A15489895CE716436B45BE02\\download.error"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\Symbols\\pingme.txt"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\Symbols\\winload_prod.pdb"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\Symbols\\winload_prod.pdb\\B7B16B17E078406E806A050C8BEE2E361\\download.error"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\ntkrnlmp.exe"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\osloader.exe"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%System32%\\Tasks\\ScheduledUpdate"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "path": "%APPDATA%\\d12c99f7af77\\d12c99f7af77.exe"}], "ip": [{"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "ip": "104[.]214[.]40[.]16"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "ip": "104[.]31[.]69[.]181"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "ip": "104[.]28[.]17[.]75"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce"], "ip": "104[.]27[.]165[.]226"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "e20ba316d143b2da20e1edf92c9199d8f84f1c787f10af230fa604197a863208"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4"], "ip": "172[.]64[.]204[.]26"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4"], "ip": "172[.]67[.]177[.]188"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "ip": "172[.]64[.]205[.]26"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4"], "ip": "104[.]27[.]164[.]226"}, {"hashes": ["bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4"], "ip": "172[.]64[.]171[.]11"}, {"hashes": ["7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611"], "ip": "172[.]67[.]132[.]177"}, {"hashes": ["a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2"], "ip": "72[.]21[.]91[.]29"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "ip": "151[.]101[.]192[.]133"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "ip": "69[.]64[.]46[.]27"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "ip": "104[.]31[.]65[.]6"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "ip": "104[.]31[.]64[.]6"}, {"hashes": ["fb1057dc18d7bc29ec601279a1b7be92a98fd98e1e366db5b6c0621954fa4cc9"], "ip": "217[.]172[.]179[.]54"}, {"hashes": ["fb1057dc18d7bc29ec601279a1b7be92a98fd98e1e366db5b6c0621954fa4cc9"], "ip": "185[.]253[.]217[.]20"}, {"hashes": ["618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e"], "ip": "74[.]67[.]240[.]204"}, {"hashes": ["fb1057dc18d7bc29ec601279a1b7be92a98fd98e1e366db5b6c0621954fa4cc9"], "ip": "45[.]90[.]34[.]87"}, {"hashes": ["fb1057dc18d7bc29ec601279a1b7be92a98fd98e1e366db5b6c0621954fa4cc9"], "ip": "83[.]151[.]238[.]34"}, {"hashes": ["a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2"], "ip": "40[.]90[.]22[.]185"}, {"hashes": ["fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "ip": "172[.]67[.]154[.]90"}, {"hashes": ["a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2"], "ip": "104[.]28[.]16[.]75"}, {"hashes": ["a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2"], "ip": "40[.]90[.]22[.]188"}], "mutex": [{"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "name": "Global\\Mp6c3Ygukx29GbDk"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "name": "Global\\ewzy5hgt3x5sof4v"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "name": "Global\\xmrigMUTEX31337"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "name": "25ba6ebb3e470993540ebc62e98a51e2"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "name": "Global\\25ba6ebb3e470993540ebc62e98a51e2"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "name": "Global\\b7c341015338340fc8cc5c21e0473579"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "name": "b7c341015338340fc8cc5c21e0473579"}], "registry": [{"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "DeleteFlag"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONFS", "value_name": null}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONFS\\INSTANCES", "value_name": null}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONFS\\INSTANCES\\WINMONFS", "value_name": null}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMON", "value_name": null}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMON\\SECURITY", "value_name": null}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONFS\\SECURITY", "value_name": null}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONPROCESSMONITOR", "value_name": null}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMONPROCESSMONITOR\\SECURITY", "value_name": null}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PROCESSES", "value_name": "d12c99f7af77.exe"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "DistributorID"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CampaignID"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SB"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": null}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Firewall"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Defender"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "FirstInstallDate"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServiceVersion"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SC"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "VC"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServersVersion"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSCaption"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "IsAdmin"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "AV"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CPU"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "GPU"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Servers"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\d12c99f7af77"}, {"hashes": ["614a91973a8f2c0bba77da1964a5e2c1a2fd4bf025c0aa93e1a796ac8feb4366", "618d248a10be3159a7d98d1494526ba85e15916b5ed08fdd5aa93ba79fa4a22e", "7d4f7aac870360fbd88a7960e78b7734b847adfe665eab96cd248eadaa03d55c", "8524e02ea05b6ec59aaf2262a23e585f5542e8df74147c281617ed0919469611", "a99a10ac6ba7dd0ee6fdd7baa36e37d461222a5315a065490e32ba352e4cf2b2", "bac04e8347c6823fe43f7382fa11d8b995d6a2bd9b6e57de99128f11114188ce", "ca9a5c64bac3f876312fd82ad7f50735c7df5278635a7e62c86fb901f30e0db4", "fa43be09e5dc02df2f1bcfbbb132dc29e7c0367bb4f3c24b8bf03d5b518c423b"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CDN"}]}, "reports_count": 16}, "Win.Malware.Blackshades-9633290-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-long-cmdline", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "pe-uses-visual-basic", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "files-deleted-used-batch", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-modification-reg", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "unsigned-roaming-execution", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-hollowing-detected", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "T1093"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "windows-firewall-modification", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "network-dns-safe-categories", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "registry-firewall-exceptions-enabled", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "shades-rat-detected", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}, {"bi": "malware-dorkbot-cmd-detected", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-resource-lang-albanian", "hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Blackshades is a prevalent trojan with many capabilities including logging keystrokes, recording video from webcams, and downloading and executing additional malware.", "hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "iocs": {"domain": [{"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "host": "myftip[.]myftp[.]biz"}], "file": [{"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "path": "%APPDATA%\\JavaUpd.exe"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "path": "%SystemRoot%\\SERVIC~2\\Local Settings\\AppData\\Local\\Temp\\MpCmdRun.log"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "path": "%APPDATA%\\.Java"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "path": "%APPDATA%\\.Java\\JavaUpdate.exe"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "path": "%APPDATA%\\Ted"}, {"hashes": ["e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134"], "path": "%TEMP%\\FNFWO.bat"}, {"hashes": ["e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134"], "path": "%TEMP%\\FNFWO.txt"}, {"hashes": ["711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e"], "path": "%TEMP%\\FGDME.bat"}, {"hashes": ["711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e"], "path": "%TEMP%\\FGDME.txt"}, {"hashes": ["5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af"], "path": "%TEMP%\\GFTAJ.bat"}, {"hashes": ["5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af"], "path": "%TEMP%\\GFTAJ.txt"}, {"hashes": ["2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce"], "path": "%TEMP%\\BGLYK.bat"}, {"hashes": ["2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce"], "path": "%TEMP%\\BGLYK.txt"}, {"hashes": ["5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c"], "path": "%TEMP%\\JIVCL.bat"}, {"hashes": ["305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1"], "path": "%TEMP%\\XUIUF.bat"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e"], "path": "%TEMP%\\UBCIA.bat"}, {"hashes": ["5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c"], "path": "%TEMP%\\JIVCL.txt"}, {"hashes": ["305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1"], "path": "%TEMP%\\XUIUF.txt"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e"], "path": "%TEMP%\\UBCIA.txt"}, {"hashes": ["ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "path": "%TEMP%\\HMIIU.bat"}, {"hashes": ["ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "path": "%TEMP%\\HMIIU.txt"}, {"hashes": ["86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "path": "%TEMP%\\GRWSG.bat"}, {"hashes": ["86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "path": "%TEMP%\\GRWSG.txt"}, {"hashes": ["531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0"], "path": "%TEMP%\\FSOMR.bat"}, {"hashes": ["531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0"], "path": "%TEMP%\\FSOMR.txt"}, {"hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10"], "path": "%TEMP%\\BXVAN.bat"}, {"hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10"], "path": "%TEMP%\\BXVAN.txt"}, {"hashes": ["baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca"], "path": "%TEMP%\\DQGUQ.bat"}, {"hashes": ["baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca"], "path": "%TEMP%\\DQGUQ.txt"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e"], "path": "%TEMP%\\TUQOQ.txt"}, {"hashes": ["305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1"], "path": "%TEMP%\\FKXGH.bat"}, {"hashes": ["305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1"], "path": "%TEMP%\\FKXGH.txt"}, {"hashes": ["2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce"], "path": "%TEMP%\\NMHQX.bat"}, {"hashes": ["531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0"], "path": "%TEMP%\\TSEMD.bat"}, {"hashes": ["2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce"], "path": "%TEMP%\\NMHQX.txt"}, {"hashes": ["531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0"], "path": "%TEMP%\\TSEMD.txt"}, {"hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10"], "path": "%TEMP%\\FOYWG.bat"}, {"hashes": ["5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10"], "path": "%TEMP%\\FOYWG.txt"}, {"hashes": ["5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af"], "path": "%TEMP%\\JASKG.bat"}, {"hashes": ["5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af"], "path": "%TEMP%\\JASKG.txt"}, {"hashes": ["711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e"], "path": "%TEMP%\\EDQGU.bat"}, {"hashes": ["86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "path": "%TEMP%\\NEYDN.bat"}, {"hashes": ["86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d"], "path": "%TEMP%\\NEYDN.txt"}, {"hashes": ["711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e"], "path": "%TEMP%\\EDQGU.txt"}, {"hashes": ["e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134"], "path": "%TEMP%\\JWSQA.bat"}, {"hashes": ["e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134"], "path": "%TEMP%\\JWSQA.txt"}, {"hashes": ["baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca"], "path": "%TEMP%\\LULAV.bat"}, {"hashes": ["baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca"], "path": "%TEMP%\\LULAV.txt"}, {"hashes": ["ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "path": "%TEMP%\\MIJUR.bat"}, {"hashes": ["ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "path": "%TEMP%\\MIJUR.txt"}], "ip": [{"hashes": ["baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "ip": "104[.]19[.]148[.]8"}, {"hashes": ["ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "ip": "172[.]67[.]161[.]60"}], "mutex": [{"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "name": "PNPR45LDRT"}], "registry": [{"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DoNotAllowExceptions"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\INSTALL", "value_name": null}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS", "value_name": null}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": null}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\SRVID", "value_name": null}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\SRVID\\ID", "value_name": null}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\INSTALL\\DATE", "value_name": null}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Java_Update"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\SRVID\\ID", "value_name": "PNPR45LDRT"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKCU>\\SOFTWARE\\VB AND VBA PROGRAM SETTINGS\\INSTALL\\DATE", "value_name": "PNPR45LDRT"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\JavaUpd.exe"}, {"hashes": ["1d62f2c6387aa34114f16326557891cbaba09a70c05d5a9162ba22fea063d87e", "2c9060b861f90c68ea8399401f9cca67c7f927fb0493ccffe09688db14afd1ce", "305c837547aa24e57539f0a08f38815cc1e75a4e57c8577f6ca43986b9b56ee1", "531ffbb5bd0f768b515f1a9441339d538c5f43d698b47585503ba3316e4f55c0", "5af4bca9cc73c8832b7e3d534d48efdccb82508573785077f4b70cd56e96380c", "5f14120b9ec348e8c83d4bb35c35115b39fac4592ffe984f2f82a38ba84ebf10", "5ff410ba8a06cb0651a50e2c318580887520b25ea9e03cd3624a64a0122431af", "711638888077e196b40ef64a26cc9091f3e85fa9d6a97b446e39761682c7b81e", "86c7d6f242a0baac707140642d7cf83bb40276e24e9a02f84b397ce020477e1d", "baf10696e313cbd84543301976b1ac53a7e3598566a32a0cdb3208ed28fc82ca", "e740612c44fe4f1ef0678ea57654174eca8f6db93f498fb2260bddfe9607a134", "ee3c2f88446fca30a5a0d5a43b790da16532294203b0f4a032cffe566e5eb7c9"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE\\AUTHORIZEDAPPLICATIONS\\LIST", "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\.Java\\JavaUpdate.exe"}]}, "reports_count": 12}, "Win.Malware.Ponystealer-9635182-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "e7c4de5baa8b479d45716339700c5bbed2f303b2ea5911c41248e8726ff22b7c", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "5009502bdd697532ba9f10bdbfaeed628f49c96a712d5ea72711c28821825246", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "4b7e76bc14cec989ffd382f352ac47dfa48fdb9154720170e8dbb5d89396aa95", "26581c9984282b2edb51caf460380bc0379e6ab15fdbd66c0b916700957a5d7d", "a865155926e4433ce55187ba3a76d7c0260360a7c75e4bac9617b8fea018cb34", "4b0615cb8dc6fd3c2501f4608fca0abe7fa46be8977c6da927defc1d6e16e038", "0f1f19244fcc11818083aa1f943bbead338f89e046b8a57a50ec7cf48b62496f", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "a5f9d7a41d3736f284e207289b579fb809ccc54f323e333b3d85c2b6f81b0d33", "cb64128fa41269ac9788e2d5b005cfe36cc04d275e14263bfea60140fd48d2d6", "6ed17e2ca61808adb36c8eaf9811b9e9a8db7b4f1a3b3605269fd7210e12d797", "fb6423873e6ea416a8671cea6a48b7faf95720a8baed01ba4a434cbd9081b93f", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "4b744a5531a8c7fc90297be4284c4be27ca1457ecac4e7ed0b09b7261fbdc6d9", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "74bc74fa7e89fe033e01d008606494923010d914852329c93ef23cde59688cfd", "bae0964f74fcea448f243035015dd97a7d378b11584c43b55a92b723bc3db346", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "3561698e67140a8e22daf2d2d451c21b07ed56a2cc553dbb8e84e4ccbaf453d1", "00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d3892924a17283b53233ca576cd0b919ad117b414b29c10c13fef6c418f5eb86", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "9c85998a3c1df8455662cab244d1d9b9ea4ecb894432e8df63f4e71243b0bb33", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "5f99fb0254b4a7267c4b9869612878b1136bbcd1a00424fae242a8d26e1def9d", "a0188d273929cedd9e3d59d7fd67c85b3b7b537090c8e81e9c660516a6ad4872", "8f88872631f1b575dd0270f46cc1d34672d8b897020e457674799f3028d8c132", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "e4dbf650680b66453fd57cf797b0f73e2d418d36ba70d586f41b76d6bd4a7ee9", "4857b56cc38b093f3968cd8e5aab760fcd0fd4cd647b981365efe059b1992dff", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "2ce8eb8d28cd9a4c620e2034e51f5c26596869e435b8bed3c42587887ece221c", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "af3554ff693821c0caf0c5a8beb22fd7bbe28e2e8fe6856e7908a9ebe70a9947", "194358bb34803734db262b101868964c2b014b9c2a8590282d51dc9a2d0f8ec0", "bff3fc8e4ae8d067d345ef1bca8d83b3ea91bb26a88e64996c0e0a39550420f9", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "9fab0d9db57ef99a1b08b7d4a05084cacba135aaaf16ce3be3119b1023fc8493", "08470a9a850e8e90699fcb7bd98af1aadc170b722bc37e42012140f3470e98d7", "911f983cb9e522498a4f8c3b03c47c7ac9f70c5fb63e8458a29fb5e1ff90aed3", "c6ab41570a41e5e4ad6401aac3a58418f214150c9d7db58230ee219d6b3ff56a", "f46e47acc02a0417c79d776256ac69fdc0cd2af543b01291d782be6d76cac2f9", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "fb37e9ae376c08062d33a95def54779f8256e6929802611e5e44f51d20875b5c", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "fe3ac0020c8dbf053e80cbb8fa6d39cdaf074c09f2d402c0e9dd3344e102573b", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "90f4e641a3226955b3f0e807bac5e32e6764181d063ba0df62ce0f6560464c4f", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "e7c4de5baa8b479d45716339700c5bbed2f303b2ea5911c41248e8726ff22b7c", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "5009502bdd697532ba9f10bdbfaeed628f49c96a712d5ea72711c28821825246", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "4b7e76bc14cec989ffd382f352ac47dfa48fdb9154720170e8dbb5d89396aa95", "26581c9984282b2edb51caf460380bc0379e6ab15fdbd66c0b916700957a5d7d", "a865155926e4433ce55187ba3a76d7c0260360a7c75e4bac9617b8fea018cb34", "4b0615cb8dc6fd3c2501f4608fca0abe7fa46be8977c6da927defc1d6e16e038", "0f1f19244fcc11818083aa1f943bbead338f89e046b8a57a50ec7cf48b62496f", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "a5f9d7a41d3736f284e207289b579fb809ccc54f323e333b3d85c2b6f81b0d33", "cb64128fa41269ac9788e2d5b005cfe36cc04d275e14263bfea60140fd48d2d6", "6ed17e2ca61808adb36c8eaf9811b9e9a8db7b4f1a3b3605269fd7210e12d797", "fb6423873e6ea416a8671cea6a48b7faf95720a8baed01ba4a434cbd9081b93f", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "4b744a5531a8c7fc90297be4284c4be27ca1457ecac4e7ed0b09b7261fbdc6d9", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "74bc74fa7e89fe033e01d008606494923010d914852329c93ef23cde59688cfd", "bae0964f74fcea448f243035015dd97a7d378b11584c43b55a92b723bc3db346", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "3561698e67140a8e22daf2d2d451c21b07ed56a2cc553dbb8e84e4ccbaf453d1", "00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d3892924a17283b53233ca576cd0b919ad117b414b29c10c13fef6c418f5eb86", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "9c85998a3c1df8455662cab244d1d9b9ea4ecb894432e8df63f4e71243b0bb33", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "5f99fb0254b4a7267c4b9869612878b1136bbcd1a00424fae242a8d26e1def9d", "a0188d273929cedd9e3d59d7fd67c85b3b7b537090c8e81e9c660516a6ad4872", "8f88872631f1b575dd0270f46cc1d34672d8b897020e457674799f3028d8c132", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "e4dbf650680b66453fd57cf797b0f73e2d418d36ba70d586f41b76d6bd4a7ee9", "4857b56cc38b093f3968cd8e5aab760fcd0fd4cd647b981365efe059b1992dff", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "2ce8eb8d28cd9a4c620e2034e51f5c26596869e435b8bed3c42587887ece221c", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "af3554ff693821c0caf0c5a8beb22fd7bbe28e2e8fe6856e7908a9ebe70a9947", "194358bb34803734db262b101868964c2b014b9c2a8590282d51dc9a2d0f8ec0", "bff3fc8e4ae8d067d345ef1bca8d83b3ea91bb26a88e64996c0e0a39550420f9", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "9fab0d9db57ef99a1b08b7d4a05084cacba135aaaf16ce3be3119b1023fc8493", "08470a9a850e8e90699fcb7bd98af1aadc170b722bc37e42012140f3470e98d7", "911f983cb9e522498a4f8c3b03c47c7ac9f70c5fb63e8458a29fb5e1ff90aed3", "c6ab41570a41e5e4ad6401aac3a58418f214150c9d7db58230ee219d6b3ff56a", "f46e47acc02a0417c79d776256ac69fdc0cd2af543b01291d782be6d76cac2f9", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "fb37e9ae376c08062d33a95def54779f8256e6929802611e5e44f51d20875b5c", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "fe3ac0020c8dbf053e80cbb8fa6d39cdaf074c09f2d402c0e9dd3344e102573b", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "90f4e641a3226955b3f0e807bac5e32e6764181d063ba0df62ce0f6560464c4f", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "e7c4de5baa8b479d45716339700c5bbed2f303b2ea5911c41248e8726ff22b7c", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "5009502bdd697532ba9f10bdbfaeed628f49c96a712d5ea72711c28821825246", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "4b7e76bc14cec989ffd382f352ac47dfa48fdb9154720170e8dbb5d89396aa95", "26581c9984282b2edb51caf460380bc0379e6ab15fdbd66c0b916700957a5d7d", "a865155926e4433ce55187ba3a76d7c0260360a7c75e4bac9617b8fea018cb34", "4b0615cb8dc6fd3c2501f4608fca0abe7fa46be8977c6da927defc1d6e16e038", "0f1f19244fcc11818083aa1f943bbead338f89e046b8a57a50ec7cf48b62496f", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "a5f9d7a41d3736f284e207289b579fb809ccc54f323e333b3d85c2b6f81b0d33", "cb64128fa41269ac9788e2d5b005cfe36cc04d275e14263bfea60140fd48d2d6", "6ed17e2ca61808adb36c8eaf9811b9e9a8db7b4f1a3b3605269fd7210e12d797", "fb6423873e6ea416a8671cea6a48b7faf95720a8baed01ba4a434cbd9081b93f", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "4b744a5531a8c7fc90297be4284c4be27ca1457ecac4e7ed0b09b7261fbdc6d9", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "74bc74fa7e89fe033e01d008606494923010d914852329c93ef23cde59688cfd", "bae0964f74fcea448f243035015dd97a7d378b11584c43b55a92b723bc3db346", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "3561698e67140a8e22daf2d2d451c21b07ed56a2cc553dbb8e84e4ccbaf453d1", "00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d3892924a17283b53233ca576cd0b919ad117b414b29c10c13fef6c418f5eb86", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "9c85998a3c1df8455662cab244d1d9b9ea4ecb894432e8df63f4e71243b0bb33", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "5f99fb0254b4a7267c4b9869612878b1136bbcd1a00424fae242a8d26e1def9d", "a0188d273929cedd9e3d59d7fd67c85b3b7b537090c8e81e9c660516a6ad4872", "8f88872631f1b575dd0270f46cc1d34672d8b897020e457674799f3028d8c132", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "e4dbf650680b66453fd57cf797b0f73e2d418d36ba70d586f41b76d6bd4a7ee9", "4857b56cc38b093f3968cd8e5aab760fcd0fd4cd647b981365efe059b1992dff", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "2ce8eb8d28cd9a4c620e2034e51f5c26596869e435b8bed3c42587887ece221c", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "af3554ff693821c0caf0c5a8beb22fd7bbe28e2e8fe6856e7908a9ebe70a9947", "194358bb34803734db262b101868964c2b014b9c2a8590282d51dc9a2d0f8ec0", "bff3fc8e4ae8d067d345ef1bca8d83b3ea91bb26a88e64996c0e0a39550420f9", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "9fab0d9db57ef99a1b08b7d4a05084cacba135aaaf16ce3be3119b1023fc8493", "08470a9a850e8e90699fcb7bd98af1aadc170b722bc37e42012140f3470e98d7", "911f983cb9e522498a4f8c3b03c47c7ac9f70c5fb63e8458a29fb5e1ff90aed3", "c6ab41570a41e5e4ad6401aac3a58418f214150c9d7db58230ee219d6b3ff56a", "f46e47acc02a0417c79d776256ac69fdc0cd2af543b01291d782be6d76cac2f9", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "fb37e9ae376c08062d33a95def54779f8256e6929802611e5e44f51d20875b5c", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "fe3ac0020c8dbf053e80cbb8fa6d39cdaf074c09f2d402c0e9dd3344e102573b", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "90f4e641a3226955b3f0e807bac5e32e6764181d063ba0df62ce0f6560464c4f", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "e7c4de5baa8b479d45716339700c5bbed2f303b2ea5911c41248e8726ff22b7c", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "5009502bdd697532ba9f10bdbfaeed628f49c96a712d5ea72711c28821825246", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "4b7e76bc14cec989ffd382f352ac47dfa48fdb9154720170e8dbb5d89396aa95", "26581c9984282b2edb51caf460380bc0379e6ab15fdbd66c0b916700957a5d7d", "a865155926e4433ce55187ba3a76d7c0260360a7c75e4bac9617b8fea018cb34", "4b0615cb8dc6fd3c2501f4608fca0abe7fa46be8977c6da927defc1d6e16e038", "0f1f19244fcc11818083aa1f943bbead338f89e046b8a57a50ec7cf48b62496f", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "a5f9d7a41d3736f284e207289b579fb809ccc54f323e333b3d85c2b6f81b0d33", "cb64128fa41269ac9788e2d5b005cfe36cc04d275e14263bfea60140fd48d2d6", "6ed17e2ca61808adb36c8eaf9811b9e9a8db7b4f1a3b3605269fd7210e12d797", "fb6423873e6ea416a8671cea6a48b7faf95720a8baed01ba4a434cbd9081b93f", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "4b744a5531a8c7fc90297be4284c4be27ca1457ecac4e7ed0b09b7261fbdc6d9", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "74bc74fa7e89fe033e01d008606494923010d914852329c93ef23cde59688cfd", "bae0964f74fcea448f243035015dd97a7d378b11584c43b55a92b723bc3db346", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "3561698e67140a8e22daf2d2d451c21b07ed56a2cc553dbb8e84e4ccbaf453d1", "00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d3892924a17283b53233ca576cd0b919ad117b414b29c10c13fef6c418f5eb86", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "5f99fb0254b4a7267c4b9869612878b1136bbcd1a00424fae242a8d26e1def9d", "a0188d273929cedd9e3d59d7fd67c85b3b7b537090c8e81e9c660516a6ad4872", "8f88872631f1b575dd0270f46cc1d34672d8b897020e457674799f3028d8c132", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "e4dbf650680b66453fd57cf797b0f73e2d418d36ba70d586f41b76d6bd4a7ee9", "4857b56cc38b093f3968cd8e5aab760fcd0fd4cd647b981365efe059b1992dff", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "2ce8eb8d28cd9a4c620e2034e51f5c26596869e435b8bed3c42587887ece221c", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "af3554ff693821c0caf0c5a8beb22fd7bbe28e2e8fe6856e7908a9ebe70a9947", "194358bb34803734db262b101868964c2b014b9c2a8590282d51dc9a2d0f8ec0", "bff3fc8e4ae8d067d345ef1bca8d83b3ea91bb26a88e64996c0e0a39550420f9", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "9fab0d9db57ef99a1b08b7d4a05084cacba135aaaf16ce3be3119b1023fc8493", "08470a9a850e8e90699fcb7bd98af1aadc170b722bc37e42012140f3470e98d7", "911f983cb9e522498a4f8c3b03c47c7ac9f70c5fb63e8458a29fb5e1ff90aed3", "c6ab41570a41e5e4ad6401aac3a58418f214150c9d7db58230ee219d6b3ff56a", "f46e47acc02a0417c79d776256ac69fdc0cd2af543b01291d782be6d76cac2f9", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "fb37e9ae376c08062d33a95def54779f8256e6929802611e5e44f51d20875b5c", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "fe3ac0020c8dbf053e80cbb8fa6d39cdaf074c09f2d402c0e9dd3344e102573b", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "90f4e641a3226955b3f0e807bac5e32e6764181d063ba0df62ce0f6560464c4f", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "pe-invalid-checksum", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "e7c4de5baa8b479d45716339700c5bbed2f303b2ea5911c41248e8726ff22b7c", "5009502bdd697532ba9f10bdbfaeed628f49c96a712d5ea72711c28821825246", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "4b7e76bc14cec989ffd382f352ac47dfa48fdb9154720170e8dbb5d89396aa95", "26581c9984282b2edb51caf460380bc0379e6ab15fdbd66c0b916700957a5d7d", "a865155926e4433ce55187ba3a76d7c0260360a7c75e4bac9617b8fea018cb34", "4b0615cb8dc6fd3c2501f4608fca0abe7fa46be8977c6da927defc1d6e16e038", "0f1f19244fcc11818083aa1f943bbead338f89e046b8a57a50ec7cf48b62496f", "a5f9d7a41d3736f284e207289b579fb809ccc54f323e333b3d85c2b6f81b0d33", "cb64128fa41269ac9788e2d5b005cfe36cc04d275e14263bfea60140fd48d2d6", "6ed17e2ca61808adb36c8eaf9811b9e9a8db7b4f1a3b3605269fd7210e12d797", "fb6423873e6ea416a8671cea6a48b7faf95720a8baed01ba4a434cbd9081b93f", "4b744a5531a8c7fc90297be4284c4be27ca1457ecac4e7ed0b09b7261fbdc6d9", "74bc74fa7e89fe033e01d008606494923010d914852329c93ef23cde59688cfd", "bae0964f74fcea448f243035015dd97a7d378b11584c43b55a92b723bc3db346", "3561698e67140a8e22daf2d2d451c21b07ed56a2cc553dbb8e84e4ccbaf453d1", "d3892924a17283b53233ca576cd0b919ad117b414b29c10c13fef6c418f5eb86", "9c85998a3c1df8455662cab244d1d9b9ea4ecb894432e8df63f4e71243b0bb33", "5f99fb0254b4a7267c4b9869612878b1136bbcd1a00424fae242a8d26e1def9d", "a0188d273929cedd9e3d59d7fd67c85b3b7b537090c8e81e9c660516a6ad4872", "8f88872631f1b575dd0270f46cc1d34672d8b897020e457674799f3028d8c132", "e4dbf650680b66453fd57cf797b0f73e2d418d36ba70d586f41b76d6bd4a7ee9", "4857b56cc38b093f3968cd8e5aab760fcd0fd4cd647b981365efe059b1992dff", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "2ce8eb8d28cd9a4c620e2034e51f5c26596869e435b8bed3c42587887ece221c", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "194358bb34803734db262b101868964c2b014b9c2a8590282d51dc9a2d0f8ec0", "bff3fc8e4ae8d067d345ef1bca8d83b3ea91bb26a88e64996c0e0a39550420f9", "9fab0d9db57ef99a1b08b7d4a05084cacba135aaaf16ce3be3119b1023fc8493", "08470a9a850e8e90699fcb7bd98af1aadc170b722bc37e42012140f3470e98d7", "911f983cb9e522498a4f8c3b03c47c7ac9f70c5fb63e8458a29fb5e1ff90aed3", "c6ab41570a41e5e4ad6401aac3a58418f214150c9d7db58230ee219d6b3ff56a", "f46e47acc02a0417c79d776256ac69fdc0cd2af543b01291d782be6d76cac2f9", "fb37e9ae376c08062d33a95def54779f8256e6929802611e5e44f51d20875b5c", "fe3ac0020c8dbf053e80cbb8fa6d39cdaf074c09f2d402c0e9dd3344e102573b", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "90f4e641a3226955b3f0e807bac5e32e6764181d063ba0df62ce0f6560464c4f"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "malware-ruskill-mutex-detected", "hashes": ["d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "af3554ff693821c0caf0c5a8beb22fd7bbe28e2e8fe6856e7908a9ebe70a9947", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "90f4e641a3226955b3f0e807bac5e32e6764181d063ba0df62ce0f6560464c4f", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "dns-query-nxdomain", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-login-info-modified", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1098"]}, {"bi": "modified-file-in-system-dir", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "enumeration-email-program-information", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1114"]}, {"bi": "process-long-cmdline", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "netbios-query", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "artifact-windows-task", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "registry-login-info-guest-modified", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1098"]}, {"bi": "malware-pony-stealer-detected", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "malware-fareit-file-activity", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "registry-modification-reg", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "task-ran-using-system-account", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "cmd-exe-file-deletion", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "windows-util-at", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0003", "T1168"]}, {"bi": "registry-service-schedule-and-task-path", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0005", "T1035", "T1060"]}, {"bi": "hosts-file-modification", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "feed-domain-modified-host-file", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": []}, {"bi": "cmd-exe-substr", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0005", "TA0002", "T1027", "T1059"]}, {"bi": "cmd-windows-env-vars-detected", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0005", "TA0002", "T1027", "T1059"]}, {"bi": "malware-generic-infostealer", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119"]}, {"bi": "enumeration-ftp-program-information", "hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119"]}, {"bi": "created-executable-in-user-dir", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "process-requested-named-pipe", "hashes": ["d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "pe-section-execute-writable", "hashes": ["181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "af3554ff693821c0caf0c5a8beb22fd7bbe28e2e8fe6856e7908a9ebe70a9947", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-resource-lang-russian", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "a5f9d7a41d3736f284e207289b579fb809ccc54f323e333b3d85c2b6f81b0d33"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "malware-compound-cta-activity", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "network-communications-http-post", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-snort-protocol", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "network-http-blank-user-agent", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "pe-imports-psapi-dll", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "file-ini-modified", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0003"]}, {"bi": "sinkholed-http-response-header", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": []}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "registry-created-user", "hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "mitre_attack_tags": ["TA0005", "TA0003", "TA0004", "T1112", "T1098"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["3561698e67140a8e22daf2d2d451c21b07ed56a2cc553dbb8e84e4ccbaf453d1", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-opendns-malicious", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "feed-domain-banking", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "files-deleted-used-batch", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "unsigned-roaming-execution", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": []}, {"bi": "pe-imports-toolhelp", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0005"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": []}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-zeus-mutex-detected", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-korean", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "eml-same-sender-recipient", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0001", "T1193", "T1192"]}, {"bi": "outlook-express-com-server", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0009", "TA0008", "T1122", "T1175", "T1114"]}, {"bi": "eml-link", "hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "mitre_attack_tags": ["TA0001", "T1192"]}, {"bi": "pe-dos-header-initialip", "hashes": ["a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-initialcs", "hashes": ["a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "process-explorer-suspicious-launch", "hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "netsh-firewall-generic", "hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "compound-netsh-firewall-add-windows-directory", "hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089", "T1036"]}, {"bi": "firewall-exception-list", "hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "malware-protected-storage-proxy-trojan", "hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["a5f9d7a41d3736f284e207289b579fb809ccc54f323e333b3d85c2b6f81b0d33"], "mitre_attack_tags": []}, {"bi": "windows-crash-tool-execution-detected", "hashes": ["2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0"], "mitre_attack_tags": []}, {"bi": "crash-dump-file-created", "hashes": ["2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0"], "mitre_attack_tags": []}, {"bi": "fault-report-file-created", "hashes": ["2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Ponystealer is known to be able to steal credentials from over 100 different applications and may also install other malware such as a Remote Access Trojan (RAT).", "hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "08470a9a850e8e90699fcb7bd98af1aadc170b722bc37e42012140f3470e98d7", "08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "0f1f19244fcc11818083aa1f943bbead338f89e046b8a57a50ec7cf48b62496f", "128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "194358bb34803734db262b101868964c2b014b9c2a8590282d51dc9a2d0f8ec0", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "26581c9984282b2edb51caf460380bc0379e6ab15fdbd66c0b916700957a5d7d", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "2ce8eb8d28cd9a4c620e2034e51f5c26596869e435b8bed3c42587887ece221c", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "3561698e67140a8e22daf2d2d451c21b07ed56a2cc553dbb8e84e4ccbaf453d1", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "42c80fa93d72b9927a83fc26c527fc0c95ff970c853b22ebf0969c52b760c4da", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4857b56cc38b093f3968cd8e5aab760fcd0fd4cd647b981365efe059b1992dff", "4b0615cb8dc6fd3c2501f4608fca0abe7fa46be8977c6da927defc1d6e16e038", "4b744a5531a8c7fc90297be4284c4be27ca1457ecac4e7ed0b09b7261fbdc6d9", "4b7e76bc14cec989ffd382f352ac47dfa48fdb9154720170e8dbb5d89396aa95", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "5009502bdd697532ba9f10bdbfaeed628f49c96a712d5ea72711c28821825246", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "5f99fb0254b4a7267c4b9869612878b1136bbcd1a00424fae242a8d26e1def9d", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "6ed17e2ca61808adb36c8eaf9811b9e9a8db7b4f1a3b3605269fd7210e12d797", "74bc74fa7e89fe033e01d008606494923010d914852329c93ef23cde59688cfd", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "8b808b8ea8543e4a8cf1082719b40319962d2ffeecd667016e9afd297761be59", "8f88872631f1b575dd0270f46cc1d34672d8b897020e457674799f3028d8c132", "90f4e641a3226955b3f0e807bac5e32e6764181d063ba0df62ce0f6560464c4f", "911f983cb9e522498a4f8c3b03c47c7ac9f70c5fb63e8458a29fb5e1ff90aed3", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "9c85998a3c1df8455662cab244d1d9b9ea4ecb894432e8df63f4e71243b0bb33", "9fab0d9db57ef99a1b08b7d4a05084cacba135aaaf16ce3be3119b1023fc8493", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec", "a0188d273929cedd9e3d59d7fd67c85b3b7b537090c8e81e9c660516a6ad4872", "a5f9d7a41d3736f284e207289b579fb809ccc54f323e333b3d85c2b6f81b0d33", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "a79273cea34c29eb8e024ccb3b1f51d7005236af24132ba013e9dacc6a8b3591", "a865155926e4433ce55187ba3a76d7c0260360a7c75e4bac9617b8fea018cb34", "ae0da56615468248d2da9fc7265081536d2602b724b03e11cf8110595d07acb1", "af3554ff693821c0caf0c5a8beb22fd7bbe28e2e8fe6856e7908a9ebe70a9947", "afd1f328d2e53ea033575d244b674cf9b7fb1ba6662b67052e6cc4001ed56f74", "b068250bf40d991ea2cc2db83a0130c116277d0c973619f05cc17abd53d47836", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "bae0964f74fcea448f243035015dd97a7d378b11584c43b55a92b723bc3db346", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "bff3fc8e4ae8d067d345ef1bca8d83b3ea91bb26a88e64996c0e0a39550420f9", "c49c465ed42c0216fdebe2e0ae5019e06092da85dd67163eb57c0e36713150c7", "c6ab41570a41e5e4ad6401aac3a58418f214150c9d7db58230ee219d6b3ff56a", "ca4e7a301aac605fbd0ef710d7f501b7bdd4ded772d8f9b72fd8053658aff029", "cb64128fa41269ac9788e2d5b005cfe36cc04d275e14263bfea60140fd48d2d6", "ce43e306478c52988b93a7a2f993616ea551de80e4a25252955a86a215890772", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86", "d3892924a17283b53233ca576cd0b919ad117b414b29c10c13fef6c418f5eb86", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "dd4e12c8b5b9a3877b36220d56be97096b25917e0854347fc4834ba51546ee84", "e4dbf650680b66453fd57cf797b0f73e2d418d36ba70d586f41b76d6bd4a7ee9", "e7c4de5baa8b479d45716339700c5bbed2f303b2ea5911c41248e8726ff22b7c", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "eeeaf2ac5dc47417231666546ef4c858b54f6daf51730bc634bfb112009e723d", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f46e47acc02a0417c79d776256ac69fdc0cd2af543b01291d782be6d76cac2f9", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a", "fb37e9ae376c08062d33a95def54779f8256e6929802611e5e44f51d20875b5c", "fb6423873e6ea416a8671cea6a48b7faf95720a8baed01ba4a434cbd9081b93f", "fe3ac0020c8dbf053e80cbb8fa6d39cdaf074c09f2d402c0e9dd3344e102573b", "fe41af638c90eba35df5a329b20727b09bd4e0c66d660a13176eac96e58cd6e1"], "iocs": {"domain": [{"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "host": "api[.]wipmania[.]com"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "host": "uranus[.]kei[.]su"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "host": "earth[.]pipro[.]net"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "host": "saturn[.]losa[.]pl"}, {"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "host": "gooryto[.]info"}, {"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "host": "saliply[.]info"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "host": "upload[.]wikimedia[.]org"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "host": "www[.]kaspersky[.]com"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "host": "mqvbi-jloa[.]in"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "host": "www[.]securelist[.]com"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "host": "xbgmttu-zlymbjs[.]in"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b"], "host": "e13678[.]dspb[.]akamaiedge[.]net"}, {"hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "host": "datetimes[.]cc"}, {"hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "host": "googlebarcorp[.]com"}], "file": [{"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "90f4e641a3226955b3f0e807bac5e32e6764181d063ba0df62ce0f6560464c4f", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "path": "%APPDATA%\\<random, matching [A-Fa-z0-9]{5,8}.exe"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "path": "%System32%\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\catdb"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "path": "%System32%\\catroot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "path": "%System32%\\sru\\SRU.chk"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "path": "%System32%\\sru\\SRU.log"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "path": "%System32%\\sru\\SRUDB.dat"}, {"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "path": "%System32%\\drivers\\etc\\hosts"}, {"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "path": "\\atsvc"}, {"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "path": "%System32%\\Tasks\\At1"}, {"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "path": "%SystemRoot%\\Tasks\\At1.job"}, {"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "path": "%System32%\\drivers\\etc\\test"}, {"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "path": "%System32%\\drivers\\etc\\hosts.sam"}, {"hashes": ["0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86"], "path": "%APPDATA%\\Ooawak.exe"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988"], "path": "%System32%\\sru\\SRUtmp.log"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988"], "path": "%System32%\\SRU\\SRU.log (copy)"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988"], "path": "%System32%\\SRU\\SRU000A8.log (copy)"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "path": "%SystemRoot%\\SysWOW64\\Storage"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "path": "%SystemRoot%\\SysWOW64\\Storage\\D4CF19EB"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "path": "%SystemRoot%\\SysWOW64\\Storage\\D4CF19EB\\$RECYCLE.BIN"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "path": "%SystemRoot%\\SysWOW64\\Storage\\D4CF19EB\\$RECYCLE.BIN\\S-1-5-21-2580483871-590521980-3826313501-500"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "path": "%SystemRoot%\\SysWOW64\\Storage\\D4CF19EB\\$RECYCLE.BIN\\S-1-5-21-2580483871-590521980-3826313501-500\\desktop.ini"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "path": "%SystemRoot%\\SysWOW64\\Storage\\D4CF19EB\\System Volume Information"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "path": "%SystemRoot%\\SysWOW64\\Storage\\D4CF19EB\\System Volume Information\\tracking.log"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "path": "%SystemRoot%\\SysWOW64\\Storage\\log.log"}, {"hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "path": "%TEMP%\\ppcrlui_1752_2"}, {"hashes": ["1699e8bd2ac59be6b3cd92fffd879066d277955deddda3bdd154a159351c9789"], "path": "%LOCALAPPDATA%\\Office14.PROPLUSR\\Office14.PROPLUSR.scr"}, {"hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows Mail\\Local Folders\\Inbox\\0A055F74-00000001.eml"}, {"hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "path": "%TEMP%\\tmpcd301944.bat"}, {"hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "path": "%APPDATA%\\Icvayb\\iszy.exe"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b"], "path": "%SystemRoot%\\SysWOW64\\msvybpyi.exe"}, {"hashes": ["1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34"], "path": "%TEMP%\\2142094471FdOh"}, {"hashes": ["150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933"], "path": "%TEMP%\\2142023802FdOh"}, {"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af"], "path": "%TEMP%\\-2130022095FdOh"}, {"hashes": ["56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab"], "path": "%TEMP%\\2142110476FdOh"}, {"hashes": ["928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11"], "path": "%TEMP%\\2142092645FdOh"}, {"hashes": ["62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd"], "path": "%TEMP%\\2142116373FdOh"}, {"hashes": ["30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe"], "path": "%TEMP%\\2142069510FdOh"}, {"hashes": ["9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de"], "path": "%TEMP%\\2142046235FdOh"}, {"hashes": ["becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115"], "path": "%TEMP%\\-2130019131FdOh"}, {"hashes": ["ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "path": "%SystemRoot%\\SysWOW64\\mssdivtc.exe"}, {"hashes": ["b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67"], "path": "%TEMP%\\2142073988FdOh"}, {"hashes": ["f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "path": "%TEMP%\\2142078917FdOh"}, {"hashes": ["eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947"], "path": "%TEMP%\\2142064768FdOh"}, {"hashes": ["d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205"], "path": "%TEMP%\\2142098589FdOh"}, {"hashes": ["f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641"], "path": "%TEMP%\\2142111724FdOh"}], "ip": [{"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "90f4e641a3226955b3f0e807bac5e32e6764181d063ba0df62ce0f6560464c4f", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "af3554ff693821c0caf0c5a8beb22fd7bbe28e2e8fe6856e7908a9ebe70a9947", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "ip": "212[.]83[.]168[.]196"}, {"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec"], "ip": "68[.]66[.]253[.]100"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "ip": "23[.]40[.]30[.]30"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "ip": "134[.]209[.]227[.]14"}, {"hashes": ["37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7"], "ip": "209[.]85[.]232[.]94"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b"], "ip": "23[.]56[.]9[.]181"}, {"hashes": ["37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7"], "ip": "173[.]194[.]68[.]95"}, {"hashes": ["3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e"], "ip": "193[.]148[.]158[.]228"}], "mutex": [{"hashes": ["00d001d2987100038444af29be5416d0edf05a578288cd0789f6ed1c61b208f3", "0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "16d2a031f52a17bb9f38c46021db1a9fbeba45ae39f376b1fd87971293e354f3", "181a1e4f4717ab3c53911c8517273ee8d4b2cf93d3095790ce216e33b9506f63", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "2d78c819d70b25833ab37f29fca7cce7c3ec2a9934ab9c459cdf9399b1451279", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3b86ab82b81edbff4e11f7224950fe2762a206188bf7f9a2a23bf62e907fb11d", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "477342a6e875ddd8e62a661c50c4cf45862b1b1566d03b3c34e2e6b293f1d3c4", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "69ede339c610c9b1c223e5622b8810292b3256a3797e2860c08cafd44d91f15c", "7a4428fdfc1c23051dadb3959b0abe94651c31d9b146f41d11c2332b7ceffda8", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7cf35e9f2d4bfce719cdefa2e9008bec0c474d2df03f4a56ef8dbaab8a242b1d", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "80888709e6eeaf78c80b99e4680e86b3e0416acbb92dbb3c3cddf0a652ad3aea", "90f4e641a3226955b3f0e807bac5e32e6764181d063ba0df62ce0f6560464c4f", "92a443078ffa22e4d2176f47bcd3092a34154a7e736a066ee7c981d6782532e7", "9b703a65ea1c90d0629ca1267c9e76ea4bda2567175701f60dc717adb148a988", "a00e9ff0ee07d061710e1af22ec6b71cec3a005f14f9f8e485bd5ed7e286f9ec", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "af3554ff693821c0caf0c5a8beb22fd7bbe28e2e8fe6856e7908a9ebe70a9947", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86"], "name": "e621ca05-Mutex"}, {"hashes": ["0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86"], "name": "FvLQ49IlzIyLjj6m"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "name": "msrdp#v4.4.11"}, {"hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "name": "GLOBAL\\{<random GUID>}"}, {"hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "name": "Local\\{<random GUID>}"}], "registry": [{"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": null}, {"hashes": ["128c831146b1535b041615cfc11b4049b62140d5fb94384f803bdab8768a92af", "150e9a31cdb937e508186231dea5e4ed1629bde8a82d40e06b31f2032ba26933", "1e08ec0c3b1f420e156d79c5884913e3d1616a21c2ccb568319647ebd6689c34", "30c9c62283c1dd19e06f9819cc9f83dde1aaa35b794b18a954434a69ce0cd9fe", "56be6fd57b98c9ed7c4f4637afff34de39f64c011c643cbe71d093b4c2846fab", "62990c0bba3cc4f33a2ba42e60a1ab501c4a31dbdd22a78057661349c2beecbd", "928e46381bee0b8329e5ac7b9e95b0abb66b9c76a8d0ea0c60a01b7f5630df11", "9b2da18bba346fcedf450e32faf20d9901f4530419c14c7b2c009e3f06b4b8de", "b936de1ae1ca33e8035d26d2a82f3e3224a750d668ee2015a3131c38d86d2f67", "becaf545647b9cfbf7464b52fbe1d2820c273982f31df76677b9deb047078115", "d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205", "eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947", "f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641", "f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "key": "<HKCU>\\SOFTWARE\\WINRAR", "value_name": "HWID"}, {"hashes": ["0eb6544dbae3a211f5df28d2caf7d9161708235d3fb9cb74aefba58a7a826959", "27ce60a59ef0d798e7720ca9366819401069af78777d7adccb8761744e2332c0", "37041d1ab5cebf5fe4d786eb19316a6ad421af569f52d7bab6bcb7434f74c1d7", "3c77f844c8c5a5aa22b846c29b14477a5fecd04b80d9391f9f43d7c3c2af905e", "4024180ef0748e795124a9f0e6c32f5d58ada618992d9454708e2e8422e1cc83", "42b4e79513d6111987f57eab12e7f84df2098b2e94d5b151ab63b6ce29d782b6", "4e808931ebedfdee05aa1da34b86e2d4385e91808a9cd256e385ce6a1179702c", "545bc42e39b6eb2f0c6e90059be37ca9400807effedd53b8dc8835a6e870b02b", "7c501f41e5d1bbf8e3cf66dd16fe3ee628391f894503d537454caf07ea9ec076", "7dde29819531d4065ff144fcd8cd266550f6ea67c388ea32ac1c925467b23462", "a69db12c5bb2cdaa6f2ae6438eb86cf787360d909b3c4d6bc0b871ce32b480d8", "d0aae118322c403d6a52fbb53efea03f654720b67a827055d55e76e1b0dcfa86"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Ooawak"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\GROUPS\\00000201", "value_name": "C"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\BUILTIN\\ALIASES\\00000220", "value_name": "C"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\BUILTIN\\ALIASES\\0000022B", "value_name": "C"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS", "value_name": ""}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\SPECIALACCOUNTS", "value_name": null}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\SPECIALACCOUNTS\\USERLIST", "value_name": null}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\NAMES\\SUPPORT_8712", "value_name": null}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EE", "value_name": null}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\BUILTIN\\ALIASES\\MEMBERS\\S-1-5-21-2580483871-590521980-3826313501\\000003EE", "value_name": null}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT", "value_name": "F"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\ACCOUNT\\USERS\\000003EE", "value_name": "V"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\BUILTIN\\ALIASES\\MEMBERS\\S-1-5-21-2580483871-590521980-3826313501", "value_name": ""}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\BUILTIN\\ALIASES\\MEMBERS\\S-1-5-21-2580483871-590521980-3826313501\\000003EE", "value_name": ""}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SAM\\SAM\\DOMAINS\\BUILTIN", "value_name": "F"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NETWORK ADAPTER EVENTS", "value_name": "Type"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NETWORK ADAPTER EVENTS", "value_name": "Start"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NETWORK ADAPTER EVENTS", "value_name": "ErrorControl"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NETWORK ADAPTER EVENTS", "value_name": "DisplayName"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NETWORK ADAPTER EVENTS", "value_name": "WOW64"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NETWORK ADAPTER EVENTS", "value_name": "ObjectName"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NETWORK ADAPTER EVENTS", "value_name": "Description"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\NETWORK ADAPTER EVENTS", "value_name": "FailureActions"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\TERMSERVMONITOR", "value_name": null}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\TERMSERVMONITOR", "value_name": "SetupName2"}, {"hashes": ["2ea50b1e232999a7f59c27af9ffaaa35354d18c048ee47693e6aa5a77c98025b", "ef7f0b577aab95d5e8824aa9469d5ed04d538a56525b5f931ba5b23dedfc06c2"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON\\SPECIALACCOUNTS\\USERLIST", "value_name": "SUPPORT_8712"}, {"hashes": ["08ffca3515c2e27bf2a540d76d9f41b2196fcd41e4b54596010746661c964c72"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\GOFANY", "value_name": "Suinyfydi"}, {"hashes": ["f5fdd7fc38a61ebd85c1cb607e77c8b0009309d6a59935b01584d27e3666bb9a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2142080321"}, {"hashes": ["eeddf0726deeff14818ff1dc6cac79782051149a61e738e7124be1adac848947"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2142065766"}, {"hashes": ["d48ce384c24430585ee437360bff724b93eeaac91e196e0a2fe7e20be511f205"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2142099416"}, {"hashes": ["f21fd725e27b292a028550a51528ac19ca80be3536d86dc87802f66362865641"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "2142113456"}, {"hashes": ["2eceebec98d1e3d5a4d821a32ba17389f4f4c125c6d65c521b89ad436b02cba0"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\WINDOWS ERROR REPORTING\\DEBUG", "value_name": "StoreLocation"}]}, "reports_count": 78}, "Win.Packed.Kuluoz-9629090-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": []}, {"bi": "process-svchost-suspicious-launch", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-autorun-key-modified", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": []}, {"bi": "malware-compound-cta-activity", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": []}, {"bi": "malware-kuluoz-mutex", "hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kuluoz, sometimes known as \"Asprox,\" is a modular remote access trojan that is also known to download and execute follow-on malware, such as fake antivirus software. Kuluoz is often delivered via spam emails pretending to be shipment delivery notifications or flight booking confirmations.", "hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd", "208d928b9923f3733a90a237213af14f3ce60aa9a007a446f7b8f56929fa8889", "20b527cd4591dd37142606859c607f323672a9450fb2c17e1753dcee5ac9ebca", "20bebd45a2af4368204ed639eb5b7b1b84f2ce303c1d888f7d5ec22e24289995", "20d32b15053edeb47dfc563c36c57e10c11e652da2c468fb362a7c6341ea76c1", "2136919d1287c8aaa96c3d76b4a345182a2ff11e54f8294225776c50ab3ac1d5", "21ccf08c0b8163df881c91d49e2f013900d39caf9d296b53293ba4552f2ddf5b", "21f30bef3f888ddab806156b504034beecab8190613b2e19d3958beef80db8ed", "2380867701e271dc8657b0404cc84c196067f3cd237eae44069cb16249969fab", "23922a3461f821db9eb7bb4802c1997856e9b44e2bd67e6098de46abb7acd742", "2532272eb718e075361993678bbfb6328cfca78159546929455ca4c7c22661fb", "26cbdd23febf079d5185020349b7a6cb1fbfa8f253987a7019b50121e216b03f", "27fabcbce691983e0755dfe3ce153c63307e0a39dbd3f3e0352c4819a6d6ce65", "29247c4cd1afbb6a647f384cf9fe83a03b47955b0f7f0cb04ce2c4366c10ab78", "296d1cbf1e259da32329686ca0b948491fb239117234ae6d9977840ed7f4403e", "2bf2ae21a40d5f8f18abae1c784ca674d0fc352cddaec0bfab68e20c8c913499", "2c8cdf411d56db94f4f4eeccc3a80a98af75c95dcc96d56bd516c19e2f131b2f", "2dc5032fcc61dd062f826a83b34c5d941abc0c5b9d72c1ec468484e3d2075b27", "2df97a11b71f6e6b22427e8b6c3d1bf64c714703368c2c83f6e4d18911307af4", "317d8f4894e2d9a1a62b2485c0c2a447a3d7f944dc4d787397f4ce8542070520", "32927b8e4f1d9c74d7e032ee6e276ba3112e22edf625815cbd7d0c280f60ebc7", "32b77be5b39aefe3adaa78917d5c2a289c26dc377978058e3fc5f98d3328e142", "339e5073b4b00f6fa1931585b91c9dbf693a3e0d3de5eb4864c99a59eba95ad4", "33a4b07a78322bba1d6d7456d0c2b9ea86d03c4dda3d5836d2d121771458cbbc", "3494ffe909001042c085db2e521dafe96cb7587275d6124e335fcb2684777aba", "365352bc89a942d171e2876d500b91947d02c2e69880d89523c627f9344660ee", "36ac7fc92033f0e6e3b2e73421834f699d70f6f1cc3e887c5f71e0c5695010a8", "3713ea04bca879e9cfc5d48c1cd29f3f334a379a5c770e8c1b191196a102c6bb", "37fa4bacc310270a5032564f10cf5c64e4a6c21cee41631abe21ac9f595e880b", "38b9d759ac73525dcaf112286982120a4062e4df8a4918b5eeefcc342bec08d8", "396e6b229787a8d5e1e2b4fab5664676bbeb47283afdd39f76cc2b8eb50d0664", "398167245a90e2abc9f45dea0d712f7b46f4eb355aef3daaae64f406cc6d9308", "39cabfc95c713925fd9f8498ecda1e04dc0d0e610544c2400e70709bd9d43468", "3aa486dc35d9be2945a18e223b57a71730d61ee5f6aba85c5a6957e46c3c2395", "3af92d1759a4b7fc834bf4bdaee33719a673349e84043a0cb27cec0769f77144", "3b23882fe7efeb07c677182c22b3468eb7610655bed4f1d345afa0bf6067b415", "3ba7bb06e7be710d6d083ccd2b6e5110d8ee8b6644f842a8f9c18f2c3db9a539", "3c25b0c1a1d0789c740b6b6591085950c4c9682e8af6ba7fb7ecb6464a0d3541", "3c35a11ceb6189e7372b0bf0acbe9b6f76e3ef35dea5ec968cb9db761b326008", "3ee9d55bc2e8327d69ef76ab3c4c8cf3ba67f76195750b2ac11a4405bb77869f", "3fb74f90abe42d3cbf956dc58f93ea638438049ec5dc95218300c583056de4de", "4016887330510ccb457e9c7630cb180520c0d88b9038f228a4b1ddf267627890", "41786fdd5a15e677ee9fbdeb5edf1f075c8db6129fd11eb4dcf10c00fa575732", "4206f92893a0b974cc437d149ff76b9e449b5a9b9208f5e28a210a4d8defbd35", "42c8fbb6916c2ee2cb2a966efec0c2d4b8dee3b6c2bacba864eb1ba8a645fa51", "442ba6d065613dcfb8a0f63908d4c65695cb8ca3f5bdd18fdc63cad10b4e043d", "45699fc9415f202ac05e176337f489581c2df6948377a381d34f5b59cf836053", "45a490aa61a5351ffdcb051e242332becfd1030c60fbb0a744594d3f3df5ae85", "45cba93624f9b85cdcbeb4dd74f5262abc0904cd126ff180b5cb2343db5a5707", "45df48928c4e0da6d381b117d175fce3e92afdfb859b69b430510775fe6146d6", "4682011f6839a2c1d35658a3660742a4a1c4941d317a05d2bfb392c0c25eb195", "46abf4d2472e1c7a8d821ba4f4a998a13d0f25190dec1ebbf4b2e8c3db557ef0", "474f7aae85941e13eb1fc0b2fb28c17c92846e4395396c2e07752fa27be9d794", "49738e6e4821692536d59b17ba390d1d94fb306d3bde2383f177007d193aaf12", "4ac43dc966dac06c5c3b5607f2e2d36d9b79dc3cc1a0b52e4f4def6611e15e22", "4c842d4f0a5e7489cc8fe5010e4880be4585f453f83b2fedb4d6e8d025984b18", "4cd1391a2fe894cc97b402fcdb6d3ee949cb3be0f0edc0a6a32a26bfee641428", "50defa2ad911b213b727a39434afdec499aaf90086059e22d8bf027dc4a604af", "521f24d4c22beb80b056484828687fbfb02c8914ca58460024d5181f5736695c", "5259f81dc49db709ec953de3b272ba1bf340203d51e4a6c47be1bd279e3939d0", "52ecb38336cc181ffc0e633a8e52ae383aba02a1ce244eb678792c75cfed0ffc", "55067f2e4beceba523eca29d88afc945eb218645aa7fcc3c8bfac1f996991961", "566139d4afe14b829251660a58ceaf1f776f8f2b79ce37976d4caefbf471f632", "587df53afeedf1b7044dc96ddb0a08d81359d0c8bee638234f5c7768133981b7", "588d862acd965b381d5bc213ddc77b1a5d05575d5978b5e3d946de7cc509bdcf", "59b5dfa3852b58c94ad849092c9777fbf8bbe140727648e32d187bb716931445", "5a1e15a7fe0834b6d84306ef28ce8fb78d9f7a37b55413d5c0ca640d1e99bbcb", "5a4753d16671af21c6a3d8fb4ece549e76db067e8cc2b9a7d6fcbf3faadce013", "5af0349053d01393dcd0351b97b470779038c80c679d0ecd679424cde8d9e8ad", "5b39f7ee5ba5bcd60a81d945087dd868adc19d32d6d6ef7e7dab84f93324d696", "5ba2373c8a509506eb54652ec07311384b8d1cd2e00d722c40dadcadcf0dcfd1", "5bf39ab54693f7a16bcd0ecf8b592bf8b82900b7252cce2942db9086f8b5f4d4", "5c061f1e0571bffacb03ba35e3ae60cf2c5f4e2abfb55bd19921f232a6408cbe", "5c81c52c2736adc0bb051d6431e0b837242d6e1e77c987125e81726128cb9b67", "5e94850f0fd27c9de6320166a901a22d14b369ffbeeccb6fdb07e79f4f36b829", "5eb5a8f0a6df2c1119fcbc489d5b94a210ac4d1e6f4075795546d51bb0916577", "5f6b8c6c4b63d8e4b3bd7cec972be7b2e2913cc5e5e5dde908f5d64d99c4d9d6", "6026fdbb62ac721d8baecbcdb287df8237ef6ca2d1d4cd522e8f7f69c3b2b318", "60a5b47843e8b78f4d36effc9ed3d22a883a4ae6d73dcee933ebf246a01253e5", "63388f28be3d44f909f55348065cd941b106ba8bf30d9cce77651fdf7828abd4", "6460513960e90be7c111be905c54b581716dbb60fcec6fd885a648511927b3ce", "64e906a854f7bd0ce85a4ab5b0e2c388c81ebca9bead1fa412709025bc3deb04", "64f770cab3afbcc0870e3ad8e29c5ac90b556e7818ddcf24f975aa487c1bfbce", "67dc00decb61803b2fc82419c7d1cebd4c4f4b64f1b26fac14564bf74f92cdbc", "6872e4b539cce55873dd2d353e881afe309c99c88ac7c2bca94cc1ae3c540db2", "6a1dbd89857d870489d8da27d5e66c7d9a21ac250f3e1f4440a99315f8d0883d", "6abdf4b32a46c1ba63f99cdebf701e8a0581d42c1058460d9716f08f940ab5b5", "6b6a9bd681be0148a9363ce9a3d6d24b69641a81b05b5a564204000c8386efbb", "6ba735c2c308e252dadda0d409d196bd6ad04c69f457543821dd37420bd878f8", "6c4389db9bec3e7284c6eba1282170a25cde4dbf32f1e5f8baa984beaf63b95e", "6f5a174faa15070da50ef728a0fa297c63fcacbd2905dd94c73169535afe4edc", "716fe549adc01ef1badbce9f0df777785acf1da1926430a6992c9b74e06c7ac7", "7329ab2c84ffb2f3f601543c19da2edee6278cb84f4c0b6c8d7fe755d265733b", "73a91125ce40e92a0a67046774b7c055b17a40acf7e0f89d840dd189f84712bf", "74440514ca5c6507ee73bc9965c31d1a74df25760fe04077f589d98404cd1ce9", "78f105facc186d5533867d465097c3427adbb3917e069a5d7e9f0647548d39d1", "7a8f7e589c460c3a57fb75d7c228d1673a46c9db89f7d7531e6f53d9fead4109", "7a94b07be52e95320e9aa26bfeb84ea924d1a8b05d1151af7aaaf1c2993e5805", "7ab70b73ab2205d21003b2a3ca7d0db903feeef8f1e39d71526eb7b66c0402a4", "7bbe7566e2917c420d7929a0b54231b70c3067d3ed39cfd8880b8fd49305be73", "7c0a2746be5c8752b083fa7a3a42c6b2e850b5f125c74f4365e4b2d09a555693", "7c8a20a083ff4883dccfab7ab138f18d9752cfb471a27aa57361ca7ae05478d9", "7dd565c7aca96da7c4a2e9400ee0b8a534bb47e6b05e7c671b75e8c1cf91e1ca", "7eddf12657e3f1156f02c411aa590e42b86f127b6934acbb8d5f60b7122ef2ca", "812ae2b31fc25d64fa3b5166c422856eab6b6b72a0e4e2a5da61ca2fd6f4578d", "813bfa2c1e383b4c0b62011fa5421945db6d2843a5c14e63cca480c2bfe46f00", "816743e5fe0bb936aa017a2c9569129ebcc4235b586b766b135e179d1120c734", "83dc231ef2ac26443fcf2614e307b9314fbf0a70974b70e9a573d49d3d0d1a03", "84e87d3fe3cb0f3df87a833b2feb7e7caf2066351efbbf992cf12b8b4564cdbe", "851e8449a89c19abc4745ed2a5de44f5db5b2c97155faa464524809e75077a63", "86ac6b7f054fc3eca3cda7d14896e98e2396f94702aff4c3e3c653fcf2d5ccde", "8700707eebde86869e4eba08c3ca4fe13a6bf171a37b2c950bb1f58767dee925", "87d2d590dcbeb0b9243f146c7f01aa3c62d4981de1938cba46badfa3a9b183ec", "87d50dd67b2e28fd01231d296ff7f370609f6840eb75ef0a78c5aa959ae978ca", "892a6cb466f79997b1ec91d5e1b9e7c9c48e6111fc90d9893ffe95f489f79ada", "89c9531381a959400b3aa5aa6c4015c1423a0b888557fdae4c6cb66f4862fd4a", "8a3480307ab32ec7174577c2ea9326e58a9e83ecaaf6272d03ac2458910d2dca", "8a58d94b6a540ebac0edc85b8842a4bc85427948749815785517be480b7fd7b8", "8a6f3abf3f5309bcc47d4ea1fe3339eb65d9c2844534a275bd7476b8216cc983", "8bb3b9181eb4733ed2186e8b012a746049718332b9bdd2d72f1ddd773a2250ca", "8c38ada08fed06159fb3850ccd2f1008c8668a3912c5cbf369a834044a5f568f", "8d6281f4821e347713a449d7ef2591d37179f5242ee20c598571b2a9333ed085", "8daaba16b66fb6a432aa4b0b067fd36cc05cab082fd005fefa31bd44339561e5", "8db3f44302285a004e565b35a3e33fa2df49f2d310c9e87af07d7bf21297e2a6", "8e29155ba4ea7226eb9b4f4c5347a7d81c2d77014c24e03f73b3a7dd0663b361", "8e2d5cdfef217ad6604ef528d56ea9e6e281192b5d6641d58e20b67728abade2", "8f766d858605b821a74f10415075058ca74d1508072fbd0d581a2077b5edc32a", "901b913b0ae6e824903a6613c3ead26a8f08b41e76fc65317937e5e6df3bf082", "92007405c90ffa116a35c9706b0864a8052650aed7c713f1ae5de97ea3d5d0d7", "92cdbecddf85cb4b74b52096833fd985e53dec0b93bc6457056016390ca48b93", "93108faef9c1f589dd9e6fe19646921702d947ec80fc17f9a04d7b347aeaf1d3", "938dbf241eb8d5b457af9957f5d1bf90f33ef3ccad9bef09f2d8cdbd059b46dd", "9459a257209394c38a8a1afae485912cc553010905fb482b1d5699cafd602912", "97174a8a813f9be1f866a560213ecf27c4d2f61006c29d09d55a149e6e16c448", "97fb937237c427e48e3e096926c0d8bbd3b5b56b57f1efe8c02d18ef479e4626", "9a2978c2baa74df590e186e3ff40a046a93cd19b5aad5c8652cd3cbb130a421a", "9c39b73467a09e6f7050e79a7cd59bc0daf4fffa67c4b301a22f00da2bd550ef", "9c8bc5101cfc17e08b6ff5fc94cd709704eafe2796e26f2434f57d0b64d52319", "9d8a83ed34c618c60a109e57c3a7e08320d68202c942fa8e879fc4460e421017", "9e3433a548de9f147ac491885cb638dae24ebef83a66e963b9ebe09679c5f7db", "9efc45b837169419e3d0b51f2ad0fe2794e5f6e076b7cd3db1a7d66f7191bce7", "9fec732a18bcc65f001ed1b5cb0d128b4b9710e1331187bdded5fd620e57ec0f", "a385e467560fc376db03a50fd426ee2452edb34da6e2b750b5c3f8e74183e571", "a38d717c3fa93ed42d22f23692297f24fa1ca19c0bff1e4c4c08fc014e712c65", "a3ba388ffc66b1eb89001e9bab2b513b7fa1a860858138f80d9d928e012dd225", "a40acb2043ae318cb6440daff7d3f5c7c9e8c16e6d7502051aa5e5fb5f303518", "a6846f46f676176620c05ad0b6694900359cc6543c2a7a1806889607471cec22", "a6943c96aca8460215d786fd17f8f89ccdf8fd700313eedc0f7b966b8ca44318", "a87fba472ffe3428388d588b62cf8c6663e6f648e0390f1b523d0e96b09891b5", "a967bab4b9a89a7aebc6bf076040b640431a3f0bae601bdcd1ab209ee8c71c4a", "a96d746c4a20cbb56db86871fd7238c955a60706140e0eefba64b205f1b0cd9d", "aa8250f5c5b82243663f7c05849b6d5f18c499ac86276fe5e296261efa31ab27", "aafb7257b73ea3aa3ec524a166811df4c70401499c1ae5e502d4abb123f5a13b", "ab751505ed40cea102b2e925e5b65d499bde87df61043fff82845a6abc6e994b", "ac0f1f0985e42cff0265452d7ea70974cb4c59ae5e5b0b8067e2c608ccba117f", "ac6b809a352f42b3ffc1d7cfe300b1edca5cfa09e92bb31e3d042b9ad3d18330", "ad102fe2d82a2cb5c43ea7259dbce86f69477ea3194708cd5571b2cdf876bd55", "ae5fb667391395633da390c317624c327e19fd85ab28192be011f05f724199bb", "ae95c143e42b2f5dd9229b7f28e0af9034b7b932bac14b3b1c4332a7e27e90d1", "b0173dc41998b2486c34ef47733eb8439611a4e6f914447d05cd1954652bc6d3", "b0dfa2cbde25d1ccdc23477265bcd60a7335eb51f48e6509c3fec649122066aa", "b131d233c15fdb02a7ae3bdfffe2c4f98f014629392a5136fcf4b2d3c62fe3db", "b2a1934361c0ed98b1161d28752383603f51956db4b48c0a9d0c15caea8f8653", "b2b8b69e8b0267ed16257e91b0943dda25748b9b6caf9106ac3fbd1ce738088b", "b323b0ca662aedb72b7f78cad1e3ddcc7ac59ff3c141c261bfbb91e853bb81b7", "b82ea4020f9b970c378517039d0bfabe8b1b0f6e78dd0a6c64699df864e5fe54", "ba3440b454bacc69d23299f46edf19e3a474cd2cea3471e0525777c005fbf318", "bc840583d0ab6021f5f1bf4c5d885f003cae0709b9a80521f256a504ac8ac833", "bda5fd37a0c3d253ed769e08142940215bfaf63da37a62888fca96504aead4ac", "bed137eb417152458efe9d1c6ceb57b75e66d893ef72aa14e88d254c76bcb7eb", "bf80f968ef121efa295efd94d7485e7afbbeea0f63317b3e686ec397f33dfa4f", "bf9f937caff10dea77b350c8abcf2d3a5b076f8edaa83f32972f68ffa8852cf8", "c02246e5f8a9561c9271aa75372cb61b6aecffc6dce602d5b47026e6ac26dbf3", "c349f608f3a7a6b41e9e6c8ddb6beb54e51674001d1fadcb009a877c468966bb", "c35e15e6fa5f407fd2990ba2b93d0dc974aa72db0a59d2e13489be7edf6c97fd", "c379fdf581357aeeeaabe5c18fbdbf78ff0517a84cc11657210f2153f4d07932", "c39b32855d200003e97f6d225cff66abb995e0c7b3e587524a70309c02257f48", "c3df91ef8e87f486aca7288f529c1d6d6543c777b8f141d7260c48c872fe1f21", "c402ec20e22affa418561690436ac05f0b14ae23279fe1261cfa4ef1420d1a63", "c43d94222e7525d34f1148490b41f1ecb5d359e2efaa6b189ba3e57d2edaf1dd", "c440e64063f585592db09ef1498bd9737c6f79ae1c928aeb9204b39f20e8fff6", "c540a29b30a13f03031fc2760e01a68f3a4cbb50417e476698dcaa815565d263", "c69395c9c4ccd2c85b19bffff706c9193c45a0bf0b28ccbb0adbc7c73f20344c", "c704ec5367deaca6a270e357d6a070c50ad32edc79bb50275a8ba22352e55ba7", "c707de3b60263185db20183af72751dc97f765272700d2314378ab30616e8fe7", "c840ab6849db39bea9dea86464adfadf401109f7bce66e2ee579be393d1bccc4", "cca099ddd86400028420b58a6a263ab8af634c12c16e6e790c47874e6945a90f", "cce88aafae154d926b8cb69b04641583dc2a1f452289b285b3bf9bed2d0d9a2d", "ccf22b0a01a5f6d4831a7b585c6c09330d3536340a8af18fbf58d2f12c1b72be", "cd73fcd1a79292a824685583f4cd292bb94d4f472b4336a89239076879561df0", "ce38a6060388da5498079f69c8b6ad6d4ebeb2e06d81aaca1676f1c16d80f204", "cfcb4bd7f7af24f146746cccba267a948688680796a1d695f5d83329564a6bd5", "d13a168dc1d8af2147ee8093ee965acda7d29157864cc535849ada941afaf498", "d24828eede3039b10bbd0f50e20e521ffcc1566313cf0b6815a581ebf8a5f969", "d3a6f7d55c3d1f1317f287e7303f974fc6558154f2151cc09a96278e670cf5fb", "d4f7e3be45402da5c23b624080fede7c1af0db846eafb99dfac6a7e843ca4af2", "d62eb7fd1d8f95c005379aa5203687a5f2f46512cb7f0ff6aa1bb1c017de4b51", "d6422ada695fc11c10147209820e6f80b71e48bd39f230e358238d450bf7d38f", "d6986e4682d73cd8ab4e68de7e3fdb7898b8bfabc816e4bc94bd320404e0bc67", "d6e83780431011c524c5d151b490df15cbaa502f5bfeaf7f102b4a5c5136055d", "d8269ec354a878793cd3f3c1d61c45954e6e11ef5ffb037c70b611177ef49f98", "d90430e61217051d4327cd13176e1ca3eb195ca1d345c196645c19835cfef24e", "d91277c35da2d619f81b9998a5aba9e1c4755e8cb6afdd4c0c71302272b8888e", "dae9edfcd6bbffac498510ec0fb98e779918d4cc0fcb380d192ddc3e51fd30bb", "dcbc2f820958d7ffc390fbd1a52588cf45dc32d885257b0c7f9db4db80e2516c", "ddb6e2d12cf22cac047b666c765f69b272718e4a7a0b65ffdd89a62f4d987ac4", "e03b28578842b3c33ed73cb57187daf25689b56ec11a0b0871a4dff8358acb8c", "e1d2da4caa9a577d32f56947756218b33b14b6cbe01b6bcfbc30ba9ad962d226", "e3397137bcad7f24dba24eb296685106400eeab6adc55aa1dfbafd6e270955cc", "e3631c6a6cfa2744ded94b608ed3b87849132cae6a7c270923f82dd8eb20899c", "e4683dc3300720c353118889f0a50d74cf20a38c3452dc00b9ad5cc5fc8a0539", "e54422bcb0279c6b3c282f200d252c4682687182ae3e6dfd2ffbfc5b732c35e6", "e640172f01c9ffcf3d7050393c441365dd0cea680d53a683215f8fb4c407180d", "e8c602c444e71d26ec2f24c324d4032f7cab75b1062dda008de4c59c0716cf4e", "e973b3d8c8461361fc44a9561ddb36163afde60cb8d84f8989a5db63cda3ea32", "e9a925bca0015ad0a2fc6ac043db55f74aa4ecab8ea9ef3812098e297de77a31", "ed098f0577f128b78097cf57d3d71c1bf3d651956a915e76090957dc05130cae", "ed23509c38fe3b5fd37feb58e835557c3c26ad08e1855b45c24bc50c510dbe7f", "ef7d80743bd8c64ffcfecc9082928da812663d25019a0a08224e2ed52f12d643", "f22fb675d63bf1488560e4924e55e2d0127b192ccc371afa3758b71866bc8afa", "f4403f2c9bac3d53aacdc83f1c22a639c3e24475e6f60775ffbbe653f765f2b2", "f445c7237998074b6784128359c4b2042c653a0f7f75cc7d61d83bb14e0a1c0d", "f4aeb0bc1032a88f319b8698027d535dd8a574577f1c3710e8c042a0ed13d789", "f5b0cdbeda19d6f9700572b89e3ed61840279e5e47992ed5ab5e33fa408e1607", "f67f643f51450e2107bd30773d6728209cfc59d9a3374f4f837393d4c5ccc016", "f771d310873f0238d234c7efab8e7a5d8a3d80184a88a398ce5bba4c6dbc412b", "f794146cad6af5e1b7fffa1c6312b7666b9c944ed28a1744616fc24f27260b08", "f95f816e93614b5557c436fb1867ebf6b9b42bf9e3888b3f93e45391a00f57b4", "f9b2e2be71b8cc9c1c881ab6dfc88ff603867b9da2fde17b5a908bd8af5d515d", "fc66af0037a12ec06a120446e8eab0a0eff364ee5348f816bb392c19c8e16ab8", "fd68e3f57a02c36f2e739213f394dc591cff817cfd2146543cd1280769f90478", "fe250f3176b184a956fb2b3f3aa2da6aaf91b0b65b934d07d9a98256fa43e249"], "iocs": {"domain": [], "file": [{"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd"], "path": "%LOCALAPPDATA%\\<random, matching '[a-z]{8}'>.exe"}], "ip": [{"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd"], "ip": "212[.]129[.]21[.]210"}, {"hashes": ["04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1"], "ip": "112[.]124[.]126[.]139"}, {"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1"], "ip": "192[.]254[.]138[.]62"}, {"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c"], "ip": "95[.]110[.]147[.]192"}, {"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd"], "ip": "46[.]4[.]105[.]170"}, {"hashes": ["04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd"], "ip": "162[.]13[.]189[.]52"}, {"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c"], "ip": "173[.]199[.]182[.]152"}, {"hashes": ["04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff"], "ip": "193[.]46[.]84[.]84"}, {"hashes": ["04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210"], "ip": "205[.]134[.]239[.]167"}], "mutex": [{"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd"], "name": "aaAdministrator"}, {"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd"], "name": "abAdministrator"}], "registry": [{"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44", "04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210", "04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89", "054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15", "05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83", "0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692", "0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa", "0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e", "0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4", "0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348", "1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4", "10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e", "124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af", "12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76", "134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3", "13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e", "151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c", "15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3", "17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff", "1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a", "1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1", "1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c", "1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd"], "key": "<HKCU>\\SOFTWARE\\<random, matching '[a-zA-Z0-9]{5,9}'>", "value_name": null}, {"hashes": ["0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3"], "key": "<HKCU>\\SOFTWARE\\KCHKBLNC", "value_name": "hhimcenm"}, {"hashes": ["0658444e555e65863c26410f5e091f0dad3544cc2a712813a98a0f7073760d2c", "16f613d8aaa09ec94b035c947cb3b35e6aee48d01ee9cd499adcaaf8465340b3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ccdxhofk"}, {"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44"], "key": "<HKCU>\\SOFTWARE\\LCUTKVAC", "value_name": "pqnpumbf"}, {"hashes": ["022596c4398651672fb4c1865f50de91a34c23389f34ddc2d926870b4c4aaa44"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "kuqaqvqq"}, {"hashes": ["07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692"], "key": "<HKCU>\\SOFTWARE\\FDMDPESL", "value_name": "axeujtmf"}, {"hashes": ["07110d7eed5b6bb3ef68283538f4b7a70c171e929a3d2afd45ed9ab44f31c692"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "qwbkcjmg"}, {"hashes": ["124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af"], "key": "<HKCU>\\SOFTWARE\\QHGNEPEQ", "value_name": "gdvkbpqf"}, {"hashes": ["124a64e6a185f9fb59fe5bb39eab2fd078d22f76b8355b01d125dcbff0aa35af"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ehfofqxs"}, {"hashes": ["134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3"], "key": "<HKCU>\\SOFTWARE\\GOVTXRBN", "value_name": "jsmkoflu"}, {"hashes": ["12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76"], "key": "<HKCU>\\SOFTWARE\\QQNKBLIS", "value_name": "xumqjooc"}, {"hashes": ["134c718385fa6feec81508f9e2d880a5eca9b23f52fcff9dde6b0ae9b0f40ce3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "dbqpjilo"}, {"hashes": ["12bbb892bd85589a2e5b98bddc5fae3b033fec93b2bbf0e9f9b988f6b23ecd76"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "btxnirrc"}, {"hashes": ["04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89"], "key": "<HKCU>\\SOFTWARE\\AKXOQNRO", "value_name": "pxutqlqd"}, {"hashes": ["04dc06aafb680073e000f16b37e4dc6947ebe3010dbaaaaeb25b1a29b24f7d89"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "esjpchtf"}, {"hashes": ["13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e"], "key": "<HKCU>\\SOFTWARE\\RVRLNNEQ", "value_name": "rhauhrou"}, {"hashes": ["13d126c1ddb26541b2c1312689a02fb2ad145970a9c1ecc4ce7aecc453fc4f3e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mupsusfl"}, {"hashes": ["05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83"], "key": "<HKCU>\\SOFTWARE\\FARFXMBO", "value_name": "atdugnea"}, {"hashes": ["05c79148850b56f208ca1299ea3e5c2f0c6f39f284f1932b180b78b1a4351e83"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "dcqekeup"}, {"hashes": ["15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136"], "key": "<HKCU>\\SOFTWARE\\PIILHSNW", "value_name": "lfldaakq"}, {"hashes": ["15f9f0a1666d3641e169692ba6fd1b5edfbd1621fbe73dfe467506c8084b3136"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "umucwdrc"}, {"hashes": ["0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e"], "key": "<HKCU>\\SOFTWARE\\WPKFEMJL", "value_name": "jcpvvamd"}, {"hashes": ["0847d4bd6ac111cc1160592a4aa9ca33bbbeff4b7455feae45637d80547af92e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wwejkisx"}, {"hashes": ["17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff"], "key": "<HKCU>\\SOFTWARE\\XWOIBFVM", "value_name": "vlorwpbv"}, {"hashes": ["17f5634d98efc7a2053340a83360d37e336a9c4e378c39c93c7dc462763792ff"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "tjflffto"}, {"hashes": ["0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa"], "key": "<HKCU>\\SOFTWARE\\EHFOQIQH", "value_name": "qsecabac"}, {"hashes": ["0783de2739630da7660a8b96c51c90350e271a8afb24843edd95599754dc3baa"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "nhpfapun"}, {"hashes": ["151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "key": "<HKCU>\\SOFTWARE\\FDBXOENJ", "value_name": "ogbtdnvg"}, {"hashes": ["151bdfdb660f0d46d3924c9542b0554ea5273b8587a50c8cb3830d9a1be8600c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "nnbfvflh"}, {"hashes": ["1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4"], "key": "<HKCU>\\SOFTWARE\\DCSVKLCL", "value_name": "iamnikem"}, {"hashes": ["1070009498a537b2dd88abf3bfc76e7eef52ecd4787df03853bb14698a43a3d4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "flumudvb"}, {"hashes": ["04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210"], "key": "<HKCU>\\SOFTWARE\\XQCBJFOL", "value_name": "hhilxade"}, {"hashes": ["04d238d4d0abcf9a1b60c72a888b43827a777cc9bf09dd393e3efbb716c3d210"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "erlgpgds"}, {"hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15"], "key": "<HKCU>\\SOFTWARE\\EKLLEIOK", "value_name": "tjouhvjv"}, {"hashes": ["054dc9f517a7b965bfc0537ce204dbee5bfab8bdccad2eecfa14393eef1e1e15"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "gdkiqagb"}, {"hashes": ["1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a"], "key": "<HKCU>\\SOFTWARE\\JMOCWSVW", "value_name": "sfxpfthd"}, {"hashes": ["1b22f08632944461aecefbab990c712a66d25b34d71f43f46f453ad04a37f55a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "nvkewjbb"}, {"hashes": ["0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4"], "key": "<HKCU>\\SOFTWARE\\QPXCRCHR", "value_name": "vqreemiq"}, {"hashes": ["0ccd627101652de74561611ec88001121265e7986a18d25306951c0ce2c542e4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "conuqlci"}, {"hashes": ["1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c"], "key": "<HKCU>\\SOFTWARE\\UOXHFAHL", "value_name": "imupcrjd"}, {"hashes": ["1c58f6f6e17c4d100c1c3ae1f1a0b3671c75e19ebcfd4f470e014dc1cfc79c6c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "jvrjjnld"}, {"hashes": ["0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348"], "key": "<HKCU>\\SOFTWARE\\KGFMXNBW", "value_name": "xxjhfgmn"}, {"hashes": ["0f9ed445b8e39109f08b080e4fa141f7242900e2e7fbab85b4c3b3f66710b348"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "udwrcnlf"}, {"hashes": ["1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1"], "key": "<HKCU>\\SOFTWARE\\PDBWKWEM", "value_name": "mfwofpvc"}, {"hashes": ["1bfaf667b85f53530fbc50ff2fcf8130529fdacb7997b025af046dd06eacbba1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "pjroxtlf"}, {"hashes": ["10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e"], "key": "<HKCU>\\SOFTWARE\\EWDTPMOH", "value_name": "lnlcvtaa"}, {"hashes": ["10f0b391c9817529579db6d0e61e6a4dd6ba6fdb64fa202266d548df923ff10e"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "vcmjxspj"}, {"hashes": ["1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd"], "key": "<HKCU>\\SOFTWARE\\FLFTKKJM", "value_name": "fughmfox"}, {"hashes": ["1ebc2776129394e6ff422368dee9a1f7afae82cba887241a284f61d922a466cd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wutusigv"}]}, "reports_count": 25}, "Win.Trojan.Chthonic-9633435-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "nginx-webserver-detected", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "network-communications-http-post", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "dns-query-nxdomain", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "registry-autorun-key-modified", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "dns-public-server-contacted", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "url-not-found", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "registry-hide-files", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified-nt", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-service-autostart-disabled", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "registry-disablesuac", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0005", "TA0002", "TA0004", "T1088", "T1089"]}, {"bi": "registry-action-center-disabled", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-chthonic-rat-detected", "hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-dns-upload-file", "hashes": ["bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Chthonic is a banking trojan derived from the Zeus family of banking malware.  It is typically spread via phishing emails and attempts to steal sensitive information from an infected machine.  Chthonic has also been observed downloading follow-on malware such as Azorult, another information stealer.", "hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb", "e166a2d9f603637e2ee0fedd5d94c3e4878278587655f9b3bf6cae1dfdeda9fe", "fea6cff4475fe8436780c296b18ccdab45df01ed71103c7a0c79fe97178244c4"], "iocs": {"domain": [{"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "host": "europe[.]pool[.]ntp[.]org"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "host": "outsphere[.]com"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "host": "benezramarketing[.]com"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "host": "karaokeboom[.]ru"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "host": "www[.]tangchenbeijianhealth[.]com"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "host": "baidishenko111[.]in"}, {"hashes": ["118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c"], "host": "north-america[.]pool[.]ntp[.]org"}], "file": [{"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "path": "%ProgramData%\\msodtyzm.exe"}, {"hashes": ["19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "path": "%ProgramData%\\ms.exe"}, {"hashes": ["bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa"], "path": "%ProgramData%\\2135719256"}, {"hashes": ["a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3"], "path": "%ProgramData%\\2347482797"}, {"hashes": ["7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d"], "path": "%ProgramData%\\2347482017"}, {"hashes": ["5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea"], "path": "%ProgramData%\\2347480598"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624"], "path": "%ProgramData%\\2347476900"}, {"hashes": ["6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e"], "path": "%ProgramData%\\2347482485"}, {"hashes": ["3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "path": "%ProgramData%\\2347484466"}, {"hashes": ["d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278"], "path": "%ProgramData%\\2347479521"}, {"hashes": ["de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e"], "path": "%ProgramData%\\2347475184"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "path": "%ProgramData%\\2347481097"}, {"hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c"], "path": "%ProgramData%\\2347484919"}, {"hashes": ["118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29"], "path": "%ProgramData%\\2347490613"}, {"hashes": ["3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c"], "path": "%ProgramData%\\2347488320"}, {"hashes": ["648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0"], "path": "%ProgramData%\\2347486354"}, {"hashes": ["b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062"], "path": "%ProgramData%\\2347483608"}, {"hashes": ["9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0"], "path": "%ProgramData%\\2347489708"}, {"hashes": ["c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289"], "path": "%ProgramData%\\2347483967"}, {"hashes": ["19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309"], "path": "%ProgramData%\\2347492547"}, {"hashes": ["e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "path": "%ProgramData%\\2347478258"}, {"hashes": ["24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2"], "path": "%ProgramData%\\2347486026"}, {"hashes": ["87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c"], "path": "%ProgramData%\\2347491861"}, {"hashes": ["569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7"], "path": "%ProgramData%\\2347483702"}, {"hashes": ["d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c"], "path": "%ProgramData%\\2347506681"}, {"hashes": ["a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c"], "path": "%ProgramData%\\2347494045"}, {"hashes": ["7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1"], "path": "%ProgramData%\\2347487275"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624"], "path": "%ProgramData%\\msb.exe"}, {"hashes": ["3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c"], "path": "%ProgramData%\\msRaKj.exe"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "path": "%ProgramData%\\msigx.exe"}, {"hashes": ["6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e"], "path": "%ProgramData%\\msqrlPh.exe"}, {"hashes": ["569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7"], "path": "%ProgramData%\\ms_NTS[T^.exe"}, {"hashes": ["5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea"], "path": "%ProgramData%\\mstJiUZf.exe"}, {"hashes": ["a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3"], "path": "%ProgramData%\\msJdQphU.exe"}, {"hashes": ["d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c"], "path": "%ProgramData%\\mstymxMVR.exe"}, {"hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c"], "path": "%ProgramData%\\msTnkXZ.exe"}, {"hashes": ["bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa"], "path": "%ProgramData%\\msKJjs.exe"}, {"hashes": ["c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289"], "path": "%ProgramData%\\msjKq.exe"}, {"hashes": ["d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278"], "path": "%ProgramData%\\mshZWmUc.exe"}, {"hashes": ["de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e"], "path": "%ProgramData%\\msRkSs.exe"}], "ip": [{"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "ip": "184[.]105[.]192[.]2"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "ip": "23[.]236[.]62[.]147"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "ip": "104[.]215[.]148[.]63"}, {"hashes": ["19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0"], "ip": "51[.]38[.]27[.]129"}, {"hashes": ["24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0"], "ip": "212[.]7[.]1[.]131"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289"], "ip": "195[.]78[.]244[.]34"}, {"hashes": ["a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c"], "ip": "45[.]87[.]76[.]3"}, {"hashes": ["7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278"], "ip": "178[.]16[.]128[.]13"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "13[.]107[.]21[.]200"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "172[.]217[.]197[.]157"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "172[.]217[.]197[.]106"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "172[.]217[.]197[.]102"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "172[.]217[.]197[.]139"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "173[.]194[.]175[.]154"}, {"hashes": ["3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c"], "ip": "192[.]33[.]214[.]47"}, {"hashes": ["bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa"], "ip": "194[.]177[.]34[.]116"}, {"hashes": ["6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e"], "ip": "92[.]243[.]6[.]5"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "173[.]194[.]205[.]154"}, {"hashes": ["de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e"], "ip": "193[.]182[.]111[.]141"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "82[.]141[.]152[.]3"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "209[.]85[.]232[.]94"}, {"hashes": ["b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062"], "ip": "85[.]236[.]36[.]4"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "173[.]194[.]207[.]95"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "173[.]194[.]68[.]95"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "173[.]194[.]175[.]97"}, {"hashes": ["e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "ip": "195[.]201[.]19[.]162"}, {"hashes": ["b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062"], "ip": "88[.]150[.]253[.]182"}, {"hashes": ["5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea"], "ip": "85[.]199[.]214[.]98"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624"], "ip": "85[.]21[.]78[.]23"}, {"hashes": ["3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "ip": "193[.]1[.]219[.]116"}, {"hashes": ["3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58"], "ip": "68[.]69[.]221[.]61"}, {"hashes": ["118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29"], "ip": "149[.]202[.]156[.]97"}, {"hashes": ["118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29"], "ip": "209[.]94[.]190[.]139"}, {"hashes": ["87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c"], "ip": "51[.]255[.]142[.]175"}, {"hashes": ["87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c"], "ip": "208[.]76[.]1[.]123"}, {"hashes": ["19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309"], "ip": "206[.]108[.]0[.]133"}, {"hashes": ["569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7"], "ip": "204[.]93[.]207[.]13"}, {"hashes": ["a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c"], "ip": "91[.]236[.]251[.]129"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "35[.]227[.]229[.]24"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "13[.]249[.]40[.]39"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "34[.]107[.]249[.]97"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "13[.]32[.]202[.]66"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "52[.]85[.]144[.]44"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "152[.]195[.]19[.]246"}, {"hashes": ["541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887"], "ip": "34[.]102[.]238[.]103"}], "mutex": [], "registry": [{"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "HideSCAHealth"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "TaskbarNoNotification"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS", "value_name": "Load"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "1081297374"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "1081297374"}, {"hashes": ["005914e205f85350145da7a3b8def9303f136c862d075498bf6196b92b479624", "118a187039c2214646ca07f87f002196d89c0185195d5b2ddb07f55bc6246c29", "19ca2dc9d603ab22a8d8a67c174c42bfd9138a7b3a163622e9c929d25b855309", "24b5e337a5a75cdfa39a5ca7dc20c20c4df773f1b9e2f58159d65b20118621f2", "3c709d5b9795b97e4449f445b236b7138f03534421a195571385010b9d5fef58", "3d1fa3fbb8a03da9701b8611e31e304c6c799793062e822d0e38385de54eff2c", "541d6f689c9cbb71d9897ea5858da69e56e7842e526f74f22b024cd53273b887", "569b2ead1b3bb667be96fa94244b257f32ae29e37b8291be98c6862360e757e7", "5e37d6d9e74d73eb5905af752d66be6ccb574f2b2def2eff36a0e919964349ea", "648c528bcd12fc46c273f2e1db6480e43b810570df0104e5788797b1dc0e4be0", "6b405d3a85cc499003e9a2bedb90c201cb765c5c21c702af1694461374c06b5e", "7d0170da5c96a21df32fec382357661706a9a80e9070057779bf0aa728237ae1", "7d227a6df94c82c1a3cc4faa3b1f9ff56ccc44511aa39440d3b78c301a28a97d", "87f89d19305365624d586dbc4c9061b3fddf5706ba507b1e039ab21d5170e83c", "9da3b60372dfa145858fc4b3b76340388b9790a015c8f0365188ca71ac4584f0", "a525117af10f3f2ad10f3e42137b643c03d5c97c75e997a5d7e59a058efd749c", "a7cc11bff5fa8bb28c3568958d0fb65e8cd9082c9f6f11592099f2dfed1f37d3", "ab09ca91c9a24028db7fd22f8cf3ac5f0e333d4a56338e5f342b8f91e410675c", "b0100b458b420d2b769c42690ad1f9f8dfe63bd18214c3e5b84688fe02d8b062", "bb53b524ba263390398c853013e34ea406de418a0a60a379f153ac01a76358aa", "c3438080b0f9a66cbebd637827a124067012e5767172dc90d2e48263ba8a1289", "d1eb98a2a9b69060f2cb246fb43807d783ac27620710b2058fb2431d3f49404c", "d8546ba80be168602dd86da57e9ffe53fd12a29185e11a9e80945a2db8c98278", "de48d4bb1583115ed9cd4a99b66ab54c90a8b506d1e422c07e0d2b2e11bd022e", "e078c4359437fc0d7112a64003b3f60508c4f63dd6d1ad18026fc3a10c410ffb"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": null}]}, "reports_count": 25}, "Win.Trojan.Gh0stRAT-7619117-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-packed-upx", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "deleted-submitted-file", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "registry-autorun-key-modified", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "cmd-exe-file-execution", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-resource-lang-russian", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": []}, {"bi": "process-uses-localhost-traffic", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-ping", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0011", "TA0007", "T1049"]}, {"bi": "process-ping-localhost", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0011", "TA0007", "T1016"]}, {"bi": "process-requested-file-external-drive", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0009", "T1025"]}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": []}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "mitre_attack_tags": ["TA0005", "T1027"]}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading and executing follow-on malware. The source code for Gh0stRAT has been publicly available on the internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.", "hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "5515eadfc7b83457b8ea403137077312bda7e49535afd3b56c79f43b626ac3f1", "56879f0c07887307f15d255b04514ed3423fa7ef7583f38e113094212ed3d243", "570dcd0e3c3392a9bd232e9b937ec3e34306a7b7fd267c628e86fe66009dcd75", "5bb780fed3239dd3438190a32079f498ec8babc68e6ed68e5e632e1eade668da", "5d8c3570d67d124d092481b40a9328fb22a0f3b9fbf66efa7c102b85b4cdb615", "6065609131d4b9a436b8406eaacd808a5b1bc0137495553341915fdb7a0f675f", "61a8ee3f1276834315fbbab66c21037868036a3d2f7a3f900f44e078086ffffe", "65029f5a6de4955404de8880a40afe58c1eca6a5c518b4c92caaaedaec822462", "65084b17f73852fc22af464aa5968468dd493d0a6e2102ab840b5de8bdf151df", "6883babedcb72467bb3c351383b314f6fa1ece42695b1b064a54c2e5a40a4b72", "69b540e20fa40557c5a8793215c79e094c48deb3c471e6152033c0956ec05e9b", "6b4fdd568cc16ad4d88bcd5422a82a88220710dec9fa97c88293bef172460370", "6bd1e70ace722d3b3f347438a99a707c09df0dd9ae42afcb65698f4f9b96f0b6", "6ef612716fef2dd5ddb33241a0455f2f675ef4c2c4f0c27dd88f09ddb5c7cd35", "6f1b9e4e4cd0977e96c60dcaa80dd2c33fce3cb42918367b12c8d0a69c0e9dbd", "6fedbe72908c9087622537915fbe1c666af08588ab9e3f460a5a32188227163f", "777215fb5ff24666117d98f88c1799a91c8cbc55752fe32e4ed3a5680498ee0a", "8113e48c8b42b5ef3485b004955f34a9ef2b8869d9d55d620c747a2fe403477c", "8222cbc902ccb65374db80e336b806eca331b09797a35abdee76890c8ecc4746", "828998fcf8a981e53695d1369fbf16aeb6d4f5effac441edaf2506814855f6e4", "8478e7f79c3f1176a872f225884339b56905596132d265fc0c1da007dff5ec4f", "88be9ba427d3b4b20e8ffb3ba3f45e946f15f3c515fdf116ec4bb02f0b15965e", "88c8b26a510662ef58cc639272520224b4a54b4e4c2dc8da4e36ae0c6eee66ac", "99b2a97e5b7ca7a26f59c616434db5ebe0d833f6018bb1f5370e9663e66e0a40", "9c398ee3143a64941c1491892b58ba34d53215343b3d886629955fc1fbf24b91", "9ce518d50aad3885fd9c92532f3b924d2e1a95a4aae3632bd507ef52403db7e7", "a2b22a3ac9127060eebb0475368f67b60ff0fe09608c17bf6d18ffa3fcfa2ea3", "a3abd014742b7f9de4c9d322d266a00f2c13651f8e900f389c9f52d5c732d0aa", "a4fc1e56d5584769949854d556ac6dcfca74250c089f710a134c722e33100984", "a58a2cf78a34960eda0b8955740858c5bd959e46799cb5e4363c6e392dc369f8", "a6b69c7d3356b3657e15d4dafd9d645a86e2ba2eb59a80809428cb341536104c", "a71e78fae73c9c40e02dbfccaa3dfaf564819cd540c8175318aedf6f56de8ba3", "a73485ea944c5350d4547cc7bc3eb053a52931651a55d0989a39f170389fec07", "a76ef37f47b20630ace0872e3ce1f7505f2c3a06159bb5836e34e54b8ccab0a4", "a9bbc3c9a0015fa0ee9fc35ed9721b33f5b993b96e9187ee3f95f71c49d0f613", "ad667642b7693e459c57798013d1c6f79a06b0ea846aa9b412ed1adecee365eb", "b16ceb90729a41d76714803acd7c29da9c93c6feb724c10f5ded09c24db8831c", "b170b6ec1dbdc8ccb559310da466d6bc59f7ca9bf7fe5a43d8d54049e82d84fd", "b381aa0b49d5b113e068edaa5aebb53b633ab9bf6dff29c516f35997ff003c38", "b3f97f91d631abd558e174ad57b4254138f60cd9bd19a8b4a322d1fbcec65762", "b85ece6d2afdae1766edc89df27852bfad2e216863357555b67779a9fe5169d7", "c16d27e3968dba91790148c347d6c70669686270b4f06c55e11da5b99cd10aa7", "c4a4d3456c7ca310195ee002f28ef966c60aed2d068ec30dc0b38bce74bc7b8a", "c67e7640952b60fa976f2a76280bfbde579305fa61a50887b32374dfd7748b6d", "ce77d936a21e2b1ec174977aa17575eb3ca95c7c4184e713f79d7fcf24604bc0", "d6bd4f2b743ecbec93bc359e7a4e4614e5ef0f95a939f1764d47da0bf21a8155", "d8de3428e10a203498f94ea114b247d05cdfe2b1ed0776e906f1aa177cabff0c", "de01fdd010a2d6225c5f1fbf0559579e55e222ef2a316ea39e8b778da2e63782", "de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa", "df81e4a2b7a100886b08c45fd13582fd7011e14436a9fcd6bfc0796bc6f00d89", "e20f99859fc8c2d43979f8b715c193791e6cb168216c0001f6d182ef670a3858", "e2bedda8d9873dca2c22e694250533986bec3199cf163a10295559b5eeabe71a", "e49713834d4f6693416b41b18b46c2ee34edbca16b01d49e92941994bccfd043", "e8e39ef0c9b933316e386e675fb35114e18d334ce341c39fe18b2bac28fde8c5", "e97aeb2b9cecf63741b56bf3130d2242c4c500fc2ed99a9963bd712054a39fb4", "ebca8358c14fe2b9fd134734da77296e918f104996d565644589174d42642d6c", "edcb9ee3ad73ef9d8c6aafd4d7314f725537043515f8e95ea3209b86c8cef0c3", "efcf6dd7dfd6d7ad4b69ad07f5a7c2b5703b1f2ebcda4f1daac43cccc05d3606", "f0222c9c2c2315bab5d25954c602413c7cd18cdec753ee3958a9ba81d5afa89b", "f23191cc8d55b7f2dfb6763fd2f22352a616b8c4f6cd9d914b83949c5380c8b8", "f326cfd9c1db203301792363a227c7684f37aed2e95080b20deb85a1df16f4c5", "f3d73bead403e5003ed14b21bc42b9e8c599067dd3fa6c3d2795ee5423bc2ab9", "f64c31c18cadd874bcaad1e2058cf5f19941dbcdad06a3f606b1db1715984d44", "f898cded58417cb72eb1c5dc4d11537f4e8dd006c853ebee05213b39078906de", "fc95912d5a0de0a18ba169a2272be396a20d1997517e85970b666afc1f2038c5", "fcb68269b6a9b9bdd65b90a27c3602093d6c59a2d0e60d33fb82fe69452cfae7", "fd6825cf432cef11189d1558e3323cb41df3bb6dcaab26a4108d2adcc83c7bb0", "fe86c8a67758bb625c93ca99cd1262f6be3a5ce4ee76fd2390662442a66a93aa"], "iocs": {"domain": [{"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e"], "host": "blogx[.]sina[.]com[.]cn"}, {"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e"], "host": "blog[.]sina[.]com[.]cn"}], "file": [{"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa"], "path": "\\1.txt"}, {"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa"], "path": "\\<random, matching '[a-z]{4,7}'>.exe"}, {"hashes": ["0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89"], "path": "\\<random, matching [a-z]{7,15}>"}, {"hashes": ["250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304"], "path": "\\cgtmj\\ReadMe.txt"}, {"hashes": ["250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304"], "path": "\\cgtmj"}, {"hashes": ["250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304"], "path": "\\cgtmj\\yzbltu.dll"}, {"hashes": ["12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a"], "path": "\\taoyi\\ReadMe.txt"}, {"hashes": ["12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a"], "path": "\\taoyi"}, {"hashes": ["2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7"], "path": "\\tnkclcyng.exe"}, {"hashes": ["de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa"], "path": "\\zqqhe\\mhnzk.dll"}, {"hashes": ["16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c"], "path": "\\qidlg\\xtpwj.dll"}, {"hashes": ["12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069"], "path": "\\taoyi\\covuhnat.dll"}, {"hashes": ["19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677"], "path": "\\gpbtj\\hxhmxk.dll"}, {"hashes": ["2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a"], "path": "\\taoyi\\hskie.dll"}, {"hashes": ["2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a"], "path": "\\geqbtmsmb.exe"}, {"hashes": ["1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b"], "path": "\\znxscr\\ebfsh.dll"}, {"hashes": ["2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea"], "path": "\\vtqth\\ijfhuma.dll"}, {"hashes": ["13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac"], "path": "\\syvbqon\\fntkc.dll"}, {"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a"], "path": "\\wgbxsc\\bkfot.dll"}, {"hashes": ["0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4"], "path": "\\jpcukn\\moclw.dll"}, {"hashes": ["14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010"], "path": "\\gjocxlijx\\hdvjp.dll"}, {"hashes": ["1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9"], "path": "\\mwovt\\esvwxcy.dll"}, {"hashes": ["0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819"], "path": "\\padcnyqx\\hhhpz.dll"}, {"hashes": ["2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40"], "path": "\\ufbll\\xmhsv.dll"}, {"hashes": ["323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa"], "path": "\\kixyica\\zjbqm.dll"}, {"hashes": ["504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7"], "path": "\\smhnp\\ntolwvrtd.dll"}, {"hashes": ["42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0"], "path": "\\mndehdnf\\dapmq.dll"}, {"hashes": ["3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8"], "path": "\\rhbeyeq\\smhnp.dll"}, {"hashes": ["534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e"], "path": "\\eocbg\\prfajxie.dll"}, {"hashes": ["50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89"], "path": "\\hxfoasgxd\\jjdtn.dll"}, {"hashes": ["35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b"], "path": "\\jjdtn\\zophl.dll"}, {"hashes": ["3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d"], "path": "\\mricvnx\\ikxaon.dll"}, {"hashes": ["4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d"], "path": "\\pciyyzc\\jucqs.dll"}, {"hashes": ["46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce"], "path": "\\mpzda\\dlxinibv.dll"}, {"hashes": ["2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304"], "path": "\\uqttu\\mbmpc.dll"}, {"hashes": ["2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a"], "path": "\\yghnqgerd\\tovzrgfy.dll"}, {"hashes": ["2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40"], "path": "\\hwchttt\\ezlzx.dll"}, {"hashes": ["2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40"], "path": "\\tffthpicd.exe"}, {"hashes": ["323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa"], "path": "\\cetpejrjq\\pgbci.dll"}, {"hashes": ["323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa"], "path": "\\drghbeip.exe"}, {"hashes": ["35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b"], "path": "\\kpxqi\\glbdhmq.dll"}, {"hashes": ["3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8"], "path": "\\rwtcfzrm\\pvwdv.dll"}, {"hashes": ["3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d"], "path": "\\yucdx\\xwjfs.dll"}, {"hashes": ["42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0"], "path": "\\elikvfdhq.exe"}, {"hashes": ["42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0"], "path": "\\vdvfj\\wuqtz.dll"}, {"hashes": ["46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce"], "path": "\\zzyfm\\mvesu.dll"}, {"hashes": ["4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d"], "path": "\\nloxp\\bfvuwhgf.dll"}, {"hashes": ["504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7"], "path": "\\ucquhp\\twnzq.dll"}, {"hashes": ["50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89"], "path": "\\vkvpzh\\fxbbj.dll"}, {"hashes": ["534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e"], "path": "\\ryocpqeto\\cvkagqfqx.dll"}], "ip": [{"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa"], "ip": "67[.]198[.]215[.]214"}, {"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa"], "ip": "67[.]198[.]215[.]212/31"}, {"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e"], "ip": "49[.]7[.]37[.]126"}], "mutex": [{"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa"], "name": "67.198.215.213:3204"}, {"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa"], "name": "M67.198.215.213:3204"}, {"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e"], "name": "0x5d65r455f"}], "registry": [{"hashes": ["0225ebf072e5c74f9179676762247f3caf47334d2f2b939057a47c40fa79fb5a", "0b20f04056d09956ea25ec8738b037ff260ed4149c2f21a8030496565e5c4819", "0bf67561654828de1955ec3a5e4af6fd84b131cae8aa86a9b9267d868d1be0d4", "12611b8ea7441b4079113cb6dfa6005149681d54cd7b9a69e2fac53010133069", "13183e032d68e2eaa43fab76ac418def7aec81de2a4ce3be79ac5533be504dac", "14d4012b2679ff2d9fb6e2fcf16b8b804fff4bc6d9a89c526f4dafd0ac169010", "16ac608a5e30a74c8c30df48be7ffac442d0a471f282175d0b2c99fc97d21b3c", "19e1577eda0392edb8c8725390864dfa5550e796fd3c54cd49a1a03547a26677", "1e116b100786f611bc31743f291bfc42571967ee1b900a1983d157a97b31caf9", "1f96fa31ef56e38367547debe06b6648c8d6938e56261417fd0e05b0cecd191b", "2450d0b60b4806376763eb75068417a082f32c06a42d8a4a804d2d4eec7f02ea", "250e5bea7cc118edbf466df3166514040b6c916c82872fb346450919af2f3f0b", "2aa73c1d1f2cc10553f40342244732ee7ecc6c3f1d3dd968e4cd3f718d8c0304", "2b9ef3222cb445434e4f0b4951b2063e015a28b0c89e4337d5ac60a3566c069a", "2c97142d44aaa560085d1ad6fd1b110c84d44ca508e27a553e60493e0b0f3c40", "323e8062469d8c6396ef4c0a71e784c199788eb6ef2d550072ad629f17e292fa", "35f3d0f028074053d44a8cb28f50f951a695362c35aa2b49d792f9f39e137e4b", "3bef30da08225429001b1cf8af9af56745fa3093fdb3e1694778319b9a74afd8", "3ca4fc376cd164bbb3fc377d08d53269412a3877354e287320eba9a328e2078d", "42961510ff9c7107011e6522c3e4c9f156aaa76269290fb54a4dc56c7a2221c0", "46f8cde62bad1f6410687c52bcf2914714e8013c6711e0a0d25eaa18fae908ce", "4d87cceab4f07132d6da5ad81f0bb273943b88dec7df8bddc7092515ed58b86d", "504a953dbaba29c86932e5ed39a5fa60fc1c0d8e8d9b414c483cc5763e71cff7", "50b2866b894438f507a6e4cbf0b8ab2ac9bf8a95511043e8e7d83a0a53a05d89", "534eaf89d8c124c45d45e7b219809d0f074d04ded068a20479e83a9939b1a48e", "de6a70c914e11d844869d59361f18fcecfd926b50f3e4550a3fbf91eeb6478aa"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "EvtMgr"}]}, "reports_count": 26}, "Win.Trojan.Scar-9633394-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-tls-callback", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": []}, {"bi": "pe-section-blank-name", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-requested-direct-io", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0007", "TA0005", "T1120", "T1006"]}, {"bi": "pe-packed-asprotect", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "modified-executable", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-communications-http-post", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-file-in-system-dir", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "registry-modification-reg", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": []}, {"bi": "usb-drive-autoplay-modification", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0008", "TA0001", "T1091"]}, {"bi": "modified-file-on-usb", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0011", "T1092"]}, {"bi": "created-executable-on-usb", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "sample-copied-to-usb", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0008", "TA0003", "T1091"]}, {"bi": "windows-util-attrib-hide", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "excessive-logical-drive-enumeration", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0007", "T1120", "T1025"]}, {"bi": "file-attribute-modification", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "usb-drive-file-hidden", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0005", "T1499"]}, {"bi": "enumeration-browser-information", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "registry-hide-files", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0005", "T1158"]}, {"bi": "nginx-webserver-detected", "hashes": ["58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "process-requested-named-pipe", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "artifact-windows-task", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "windows-os-reboot-detected", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0005"]}, {"bi": "windows-logout-detected", "hashes": ["932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef"], "mitre_attack_tags": ["TA0003"]}, {"bi": "url-not-found", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "pe-invalid-checksum", "hashes": ["f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "http-response-server-error", "hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Scar will download and execute files to the system while attempting to spread to other machines by copying itself to removable media.", "hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef", "932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "iocs": {"domain": [{"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995"], "host": "fotolog[.]terra[.]com[.]br"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995"], "host": "cds[.]d2s7q6s2[.]hwcdn[.]net"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "host": "cs11[.]wpc[.]v0cdn[.]net"}, {"hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0"], "host": "elbanner[.]net"}], "file": [{"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "path": "\\autorun.inf"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "path": "E:\\autorun.inf"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "path": "E:\\Start.exe"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "path": "%SystemRoot%\\Sys"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "path": "%SystemRoot%\\Sys\\RegSrvc.exe"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "path": "\\Start.exe"}], "ip": [{"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "ip": "172[.]217[.]12[.]238"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995"], "ip": "208[.]84[.]244[.]116"}, {"hashes": ["5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "ip": "173[.]192[.]182[.]44"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481"], "ip": "205[.]185[.]216[.]42"}, {"hashes": ["deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995"], "ip": "205[.]185[.]216[.]10"}], "mutex": [{"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "name": "PCAdministrator"}], "registry": [{"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MSkip"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "SuperHidden"}, {"hashes": ["45fdf9bfe4c45fc67cce43ffd7cdcdf51fe65c0229ae7148052aca6cc792fe99", "58484a5b5b90cdf2d5a20825843dee3718385ed122c861f0529cf64cc37bd481", "5a3d431e05638bc182d5bb3dbeb2e1649a0ed37ac158b71822b4176ee83cb8d5", "5d3201845051d5ccc6f2fc3abed5e0b16370f93a0aae07151691474459eff8ec", "dd5034418a4875fa6d9d4a23fafc677e343c9c2ce22dc8667792bd3750b64462", "deb61d7fb26f72f5e2c95f05bcf79b6d9eee5fb94ebfd924d69ac26d188a2995", "ef604c31226dcaf59821451398434ad2c036238812eaf5aac22f7295b1db0206", "f39050818dab18d89102e1b045c0f6b5073cc4eb621ba6f0ab61bf98f7a63e4a"], "key": "<HKCU>\\CONSOLE", "value_name": "cmdls"}, {"hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef", "932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\CTF\\MSUTB", "value_name": "Left"}, {"hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef", "932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\CTF\\MSUTB", "value_name": "Top"}, {"hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef", "932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\STUCKRECTS2", "value_name": "Settings"}, {"hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef", "932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\STREAMS\\DESKTOP", "value_name": "TaskbarWinXP"}, {"hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef", "932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER", "value_name": "CleanShutdown"}, {"hashes": ["549e7fedac2343b571887cb41f8f2fc9bc7003498e4afddc4d1a9e2ff74df8f0", "77152de213616807248b3d159070953425d02914885206a557a9e81a636bd4ef", "932da996ec431ea6f34247f24b30d9b175a77dd1dc5cb6020fc360956c46eb28", "d2887f0131644fc660b1636584c5082d5d85ef1b5a7f8e3ae3a5d5b6c38df042", "e9470f7c72a28ead35ee0115ca4a51dd889e4442837f2408defb5a3d2cd7c8f5"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINMGMT\\PARAMETERS", "value_name": "ServiceDllUnloadOnStop"}]}, "reports_count": 13}, "Win.Trojan.ZeroAccess-9631324-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "597ce54444671d8bbb5e61352ef6d48c00f8f322545ae571f08d564726212b41", "5a56413ef86eecdbe4b9a04818f7ebb834dce2d5a3c3eb9682d5e2addee874e1", "59b21753f42d77d69b635bdcc4acff4f8deedbbced18754a1ac28eff00084090", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "597ce54444671d8bbb5e61352ef6d48c00f8f322545ae571f08d564726212b41", "5a56413ef86eecdbe4b9a04818f7ebb834dce2d5a3c3eb9682d5e2addee874e1", "59b21753f42d77d69b635bdcc4acff4f8deedbbced18754a1ac28eff00084090", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "597ce54444671d8bbb5e61352ef6d48c00f8f322545ae571f08d564726212b41", "5a56413ef86eecdbe4b9a04818f7ebb834dce2d5a3c3eb9682d5e2addee874e1", "59b21753f42d77d69b635bdcc4acff4f8deedbbced18754a1ac28eff00084090", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "network-snort-malware", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "malware-known-trojan-av", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "registry-autorun-key-modified", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "dns-public-server-contacted", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "potential-registry-persistence", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-ini-modified", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0003"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "registry-service-type-modified", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "registry-service-delete-flag-set", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "network-snort-exploitkit", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "geoip-ip-address-location-attempt", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "malware-zeroaccess-variant-detected", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "winsock-parameters-modified", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": ["TA0011", "TA0003", "T1112", "T1040"]}, {"bi": "malware-zeroaccess-ua", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8"], "mitre_attack_tags": []}, {"bi": "network-protocol-mismatch-dns", "hashes": ["64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a"], "mitre_attack_tags": ["TA0011", "TA0005", "T1094"]}, {"bi": "pe-invalid-checksum", "hashes": ["597ce54444671d8bbb5e61352ef6d48c00f8f322545ae571f08d564726212b41", "5a56413ef86eecdbe4b9a04818f7ebb834dce2d5a3c3eb9682d5e2addee874e1", "59b21753f42d77d69b635bdcc4acff4f8deedbbced18754a1ac28eff00084090"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "ZeroAccess is a trojan that infects Windows systems, installing a rootkit to hide its presence on the affected machine and serves as a platform for conducting click-fraud campaigns. ", "hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "597ce54444671d8bbb5e61352ef6d48c00f8f322545ae571f08d564726212b41", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "59b21753f42d77d69b635bdcc4acff4f8deedbbced18754a1ac28eff00084090", "5a56413ef86eecdbe4b9a04818f7ebb834dce2d5a3c3eb9682d5e2addee874e1", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "a3da80ccda22dca516c83c251b161254bca33b9fe82add36aed3e32cc3bacb7e", "ab2c81874b8dc4bce7e6ba7fd69f8f48f12770c98e37b4ac977e51dff99f268f", "adf6a50c9974a766d5fdc2a189483534b9f9c4e7ad34ccd4c72efa499edfb53f", "af88efe13edd5cda58de003b1231749cc7930662d5d6ce9caf7460627bd2fbf5", "b0fbe96da74ecc60109f06f3fcea18d592c1ae3d5c3a643145988d2a18dd897e", "b1fa8e01c8ad25b0e2e6ec5c86fa36d46d3c0baea5bf998b4b012d6447832a88", "b832952a96f6f02ab5db16c9d85ccd6ec4dfe977e4ac0403bfef287d67f001bb", "bea1c3e9c69f2870bd3d91e7d19e8b96774df0f69178812d646bcd096af19e8e", "c10a56b3abd016768128a7ced782aa61679fef2386c2fad2c2f525cebc34a1a2", "c23e9bc2628d95b5674930d7ba24d440484f86dfca1671b70ac553bcc6e9bf22", "c730e76f3e6554ccd8584bc06018b71fed730e34f876674a9614b2bfb0cff296", "c9bd4f5e41b84e044e97fd3210032b2b45014b166d4216f29052aba12b67e55c", "cf802657e5c7fa84a837463b74a55b165cf6ff29d93fe914f0aa2436ce215441", "d0e569eb10163612910f1114a6d79a15837eb5c06a78837f36c33b891b8825ae", "d2bea398fd24c06ad567cdaf26b3e729ad450438d947cc0c1e526078e6db440f", "d2ddaf7fcbf160901053b8b76fdf8cb0c0a12899fdb6a88871c16926e79e9baf", "d5f0740e2725700e4d437856cdaf28e659179fb1a89c667caf8eb1c3ce734111", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "e5cf21f337073bb0255379badf92531918c94edfee2ac1c6165100fe11af5606", "ecf9f8a566f6c29f18ccbdedbe1dc639d516aaea6d2bb385e562d7f7aea8a642", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe", "fa8aced4ca513ae1c4365bcc47c89afdd51a738c94db8c2abccb9b499424dad6", "fdb1302ce83edfbcfe94f4f35995eed2666d44d867cea52c27ea814e2ab10c7e"], "iocs": {"domain": [{"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "host": "promos[.]fling[.]com"}], "file": [{"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "\\systemroot\\assembly\\GAC_32\\Desktop.ini"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "\\systemroot\\assembly\\GAC_64\\Desktop.ini"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "%SystemRoot%\\assembly\\GAC_32\\Desktop.ini"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "%SystemRoot%\\assembly\\GAC_64\\Desktop.ini"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "\\systemroot\\assembly\\temp\\@"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "\\systemroot\\assembly\\temp\\U"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "\\systemroot\\assembly\\temp\\cfg.ini"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "\\systemroot\\system32\\consrv.dll"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "%System32%\\consrv.dll"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "%SystemRoot%\\assembly\\temp\\@"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "%SystemRoot%\\assembly\\temp\\cfg.ini"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "path": "\\systemroot\\system64"}], "ip": [{"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "ip": "64[.]210[.]151[.]32"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "ip": "178[.]32[.]190[.]142"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "ip": "94[.]242[.]250[.]64"}], "mutex": [], "registry": [{"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\TRACING\\KMDDSP", "value_name": "EnableConsoleTracing"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\TRACING\\KMDDSP", "value_name": "FileTracingMask"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\TRACING\\KMDDSP", "value_name": "ConsoleTracingMask"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\TRACING\\KMDDSP", "value_name": "MaxFileSize"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\TRACING\\KMDDSP", "value_name": "FileDirectory"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "Start"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "DeleteFlag"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "DeleteFlag"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BROWSER", "value_name": "Start"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Type"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "ErrorControl"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "Type"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "ErrorControl"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\IPHLPSVC", "value_name": "DeleteFlag"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Type"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "ErrorControl"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Type"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "ErrorControl"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000010", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000009", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000008", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000007", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000006", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000005", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000004", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000003", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000002", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES\\000000000001", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000010", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000009", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000008", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000007", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000006", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000005", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000004", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000003", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000002", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\PROTOCOL_CATALOG9\\CATALOG_ENTRIES64\\000000000001", "value_name": "PackedCatalogItem"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES\\000000000005", "value_name": "LibraryPath"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES\\000000000001", "value_name": "LibraryPath"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES64\\000000000005", "value_name": "LibraryPath"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINSOCK2\\PARAMETERS\\NAMESPACE_CATALOG5\\CATALOG_ENTRIES64\\000000000001", "value_name": "LibraryPath"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "Type"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "Start"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "ErrorControl"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\BFE", "value_name": "DeleteFlag"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\CONTROL\\SESSION MANAGER\\SUBSYSTEMS", "value_name": "Windows"}, {"hashes": ["039552a16cf5c7b3731e4e5013f19a580c9a6787b6217be5c8e5bed551a8c9bd", "07abcc453343aed175a9abe88d51a438d1b7548d7992935bfd0586f36a78a2d8", "0a93110ac61febeeb234588deea0c35eaafb7115424a27adacb939240b07305a", "1508adadb00a54f472142e8fc27184267e57e2fa15543a291e9342cc62084ca6", "1991d2e45cc4c24ca40cf05e82b00145a71582812f8b0d73145320fb6a8d4244", "1b69f487fe828a1b6fc473b3c7332d18be117f612e365cbb3a6fadc942ca1e5c", "40a9e5cabc887d6784ab31625e3f37e8051bf14315f3f7d5fb5805d67f4d7b53", "4f17948d36607e0e1b930f6da0c76340a84257636d14c29e0f7648a66964f352", "540509748b74848c8aa3a9704f16a503ddbf7df4229f566d78d1b05d60741887", "55da27a6c9e665432754cde6e4933e520c998d56eab1681fc79c651297c482f1", "58cf1ebdb1dcd3ddf6eae851ee52677c022f84dbe7c7aa569a9c9a6132201515", "59a051a82056203aa92299b60b22c274df04be6f17718ecfcadd785319165243", "60d6024212002d636954e9616c56536641a9e3994e4ff0174e6d5530a335b20a", "64289adcfd09811a9ec2d882c942ee0b708d6771e63a2656b8d5e5cc2f1d908d", "7aa8a26899f2f2287501641c5c53eb73fefed72d1599c63b8fc6f32fc0a1c9ff", "81ae7f44f69abace943404c81112576938f7e4190f51040b7f871deb8da61884", "81cc23c7e8ecac16bece423897caf68e797ae81a6a57d3df72456fbf392acc35", "87da52fd686e821544ff2232989fb465ebe39b1d35e1436c7030f8095157200a", "8b4c98fb3dfb33bba5a9c302b0e1003a60160bc892a62412a5ad41ff4f23efce", "95b7261f13e7c036931200e66068e7dc0c1e8c7a4274cd1bf745a55aabf306b8", "9aceeff5e3d045963e5ea69a8a0b5ff28e64528a9aec8d3b29f3892fe4f62d8f", "9f8e0402ede3d530a0722d093c5f3c7e9b9de2c70592369eae0cd8ace7cf762d", "d6eebedaf13d98f6e2cccb823304ce78ebb7ca8cea1b4da6b33bae7f4d722f1c", "fa35b51a512b23ad3a83c1ad1a86f80778ebc2eb058306a8f2b8b55bbb2faefe"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\TRACING\\KMDDSP", "value_name": null}]}, "reports_count": 27}, "Win.Worm.Bublik-9631383-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "deleted-executable-in-system-dir", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": []}, {"bi": "malware-bublik-mutex-detected", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-encrypted-section", "hashes": ["484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6"], "mitre_attack_tags": []}, {"bi": "pe-header-timestamp-future", "hashes": ["ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6"], "mitre_attack_tags": []}], "category": "Worm", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Bublik is a downloader that targets Windows hosts. Although it's primarily used as malware to distribute various banking trojans, it's also capable of extracting and exfiltrating sensitive information from the host.", "hashes": ["26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6"], "iocs": {"domain": [], "file": [{"hashes": ["26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6"], "path": "%SystemRoot%\\SysWOW64\\igfxpk32.exe"}], "ip": [{"hashes": ["26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6"], "ip": "204[.]79[.]197[.]200"}], "mutex": [{"hashes": ["26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6"], "name": "muipcdraotse"}, {"hashes": ["26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6"], "name": "S3xY!"}], "registry": [{"hashes": ["26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\APPCOMPATFLAGS\\LAYERS", "value_name": null}, {"hashes": ["26dd1c792ddaeaff392a5f4009177e491bd7bf4d21f8040b8e15a320ecd02cf6", "3a8aa80c0d99ceb079ceec150b580cc9e6fb21ab9ed5e3f0c2eaf8049e1dcb29", "456302f04ff83bc8fcb9c8de1629ef6e8318252c8413cae51f4546a3b0c168d6", "484e46ad2463cf0a06594346dfe846bb176455537333c577f98d164e1e0c3a80", "49f8afaa872469f5d122fcb620c5d5fed579a5ef65cd3030da0b17a0f36613ad", "60c9114fe6bf4144d47b7feaad919bbfe1b7cf46923627bbd128cb9c76528cd6", "67dd691f0ed950a8ec2312e3d2d3cea812b5c9e18efb557d51621f5759ab1772", "71b8a0fe946d53a998e3ad22217b51f710c5856e8ca623ac41fecd57ef43bd0c", "7eeff85c9e16b4b0e60a45747eddac2e770532fd0f1f3530cabd89cdff38005f", "a7406be23b62618628f4e5a2418a52e0b19d841aab17ae8893d34b7afff46d57", "c446f7354d7075a4ee6fd2ebed009cfbf6069b1de4bf630af320ef734bc1996e", "ca8b27caa960829b33970fe6648b5f5b18cc06e7c351eef64c8a74c842bdbf1c", "ffcb36874eaa55fc457f56d10a9a85e475d7132b650186e003ddccd75f18e6d6"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\APPCOMPATFLAGS\\LAYERS", "value_name": "C:\\Windows\\system32\\igfxpk32.exe"}]}, "reports_count": 13}, "exprev": [{"count": 18423, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 2556, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 1266, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 1155, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 1004, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 730, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 542, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 429, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 113, "description": "Palikan is a potentially unwanted application (PUA), browser hijacker, a type of malware that most of the time does not explicitly or completely state its function or purpose. When is present on the system, it may change the default homepage, change the search engine, redirect traffic to malicious sites, install add-ons, extensions, or plug-ins, open unwanted windows or show advertising. Palikan commonly arrives as a file dropped by other malware or as a file downloaded unknowingly from a malicious site. It has also been closely associated with DealPly.", "name": "Palikan browser hijacker detected"}, {"count": 86, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 45, "description": "The certutil.exe utility has been detected downloading and executing a file. Upon execution, the downloaded file behaved suspiciously. The normal usage of certutil.exe involves retrieving certificate information. Attackers can use this utility to download additional malicious payloads.", "name": "Certutil.exe is downloading a file"}, {"count": 38, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 35, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 29, "description": "An exploit payload intended to connect back to an attacker controlled host using http has been detected.", "name": "Reverse http payload detected"}, {"count": 26, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 24, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 21, "description": "An unknown adware family was detected. Adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Unknown adware family detected"}, {"count": 15, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 8, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 5, "description": "Command line options indicating usage of XMRig Miner have been detected. Malware sometimes uses compromised hosts to mine for cryptocurrency on behalf of the attacker.", "name": "XMRig Miner Detected"}, {"count": 5, "description": "Cobalt Strike is a tool used by both penetration testers and malicious actors. It has been observed being used to deliver Ryuk ransomware and other payloads.", "name": "Cobalt Strike activity detected"}, {"count": 5, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-09-04T20:28:46+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Malware.Ponystealer-9635182-1", "Win.Trojan.Scar-9633394-0", "Win.Trojan.Chthonic-9633435-1", "Win.Malware.Blackshades-9633290-1", "Win.Worm.Bublik-9631383-1", "Win.Trojan.ZeroAccess-9631324-1", "Win.Packed.Kuluoz-9629090-1", "Win.Dropper.Glupteba-9622152-0", "Doc.Downloader.Emotet-9619866-0", "Win.Trojan.Gh0stRAT-7619117-1"]}