{"Doc.Malware.Emotet-9774982-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", 
"e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "document-contains-vbforms", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", 
"e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "document-single-page", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", 
"3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "wmi-process-create", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0005", "TA0002", "T1218", "T1047"]}, {"bi": "powershell-encoded-buffer", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", 
"c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0005", "TA0002", "T1086", "T1202"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", 
"d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "registry-powershell-ras-dll-loaded", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011", "T1086"]}, {"bi": "document-direct-ip-traffic", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "document-exe-dropped", "hashes": 
["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0002", "T1173"]}, {"bi": "nginx-webserver-detected", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", 
"e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-http-numeric-ip", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "malware-emotet-file-drop", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", 
"939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "document-launch-powershell", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "document-network-traffic", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", 
"3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-communications-http-post", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "powershell-encoded-obfuscated-cmdline", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", 
"c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "powershell-remote-code-execution", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011", "T1086"]}, {"bi": "document-wmi-process-create", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", 
"d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0005", "T1218"]}, {"bi": "network-dns-doc-network-traffic", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "feed-domain-document-network-traffic", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": 
["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "url-forced-download-prompt", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", 
"3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0005", "T1105"]}, {"bi": "network-downloaded-executable", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-snort-file-exe", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", 
"e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "network-dns-download-executable", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", 
"3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "network-downloaded-executed-from", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", 
"c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011", "T1105"]}, {"bi": "network-downloaded-executable-service", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-system-dir", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", 
"d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "document-contains-high-wordcount", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-domain", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", 
"e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "network-http-non-standard-port", "hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", 
"c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0011", "TA0005", "T1065"]}, {"bi": "hook-installed", "hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", 
"cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "malware-document-av", "hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "network-downloaded-antivirus-flagged", "hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", 
"3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5"], "mitre_attack_tags": []}, {"bi": "network-dns-category-phishing", "hashes": ["e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5"], "mitre_attack_tags": []}, {"bi": "pe-encrypted-section", "hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-shellcode", "hashes": 
["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656"], "mitre_attack_tags": []}, {"bi": "windows-util-tracert", "hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656"], "mitre_attack_tags": ["TA0007", "T1046"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "iocs": {"domain": [{"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], 
"host": "schema[.]org"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "host": "api[.]w[.]org"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "host": "gmpg[.]org"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "host": "codienvietnhat[.]com"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "host": "packzon[.]in"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748", 
"c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "host": "www[.]cloudflare[.]com"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "host": "e13678[.]dspb[.]akamaiedge[.]net"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "host": "cse-engineer[.]com"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "host": "listingera[.]com"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "host": "blog[.]zunapro[.]com"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "host": "electronicsvibes[.]com"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "host": "brycebrumley[.]com"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e"], "host": "www[.]jornco[.]com"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e"], "host": "healthcureathome[.]com"}], "file": [{"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", 
"d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "path": "%HOMEPATH%\\Fd659f5\\Nt882_p\\Mwa6v5whk.exe"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "path": "%HOMEPATH%\\fD659f5"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "path": "%HOMEPATH%\\fD659f5\\nT882_P"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "path": "%HOMEPATH%\\G0c64r2\\L6rym4o\\N3hpboq.exe"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "path": "%HOMEPATH%\\g0C64r2"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", 
"d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "path": "%HOMEPATH%\\g0C64r2\\L6rYm4o"}, {"hashes": ["d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "path": "%SystemRoot%\\SysWOW64\\Syncreg"}, {"hashes": ["e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "path": "%SystemRoot%\\SysWOW64\\avicap32"}, {"hashes": ["d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29"], "path": "%SystemRoot%\\SysWOW64\\NlsData004c"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "path": "%SystemRoot%\\SysWOW64\\WlanMM"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e"], "path": "%SystemRoot%\\SysWOW64\\netprof"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656"], "path": "%SystemRoot%\\SysWOW64\\imapi2"}, {"hashes": ["c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5"], "path": "%SystemRoot%\\SysWOW64\\dpnaddr"}, {"hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d"], "path": "%SystemRoot%\\SysWOW64\\NlsLexicons000d"}, {"hashes": ["b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0"], "path": "%SystemRoot%\\SysWOW64\\userenv"}, {"hashes": ["e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "path": "%SystemRoot%\\SysWOW64\\mfc140deu"}, {"hashes": ["cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125"], "path": "%SystemRoot%\\SysWOW64\\NlsLexicons0020"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c"], "path": "%SystemRoot%\\SysWOW64\\ds32gt"}, {"hashes": ["cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125"], "path": "%System32%\\NgcCtnrGidsHandler\\cofire.exe (copy)"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656"], "path": "%System32%\\iphlpsvc\\XInputUap.exe (copy)"}, {"hashes": 
["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e"], "path": "%System32%\\TokenBrokerCookies\\dsclient.exe (copy)"}, {"hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d"], "path": "%System32%\\certca\\InternetMailCsp.exe (copy)"}, {"hashes": ["c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5"], "path": "%System32%\\msdtckrm\\capiprovider.exe (copy)"}, {"hashes": ["d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29"], "path": "%System32%\\apprepapi\\iaspolcy.exe (copy)"}, {"hashes": ["e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "path": "%System32%\\wscapi\\FXSST.exe (copy)"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c"], "path": "%System32%\\PhotoMetadataHandler\\sbeio.exe (copy)"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "path": "%HOMEPATH%\\L4z2rv_\\Wnxuzhy\\V48gx0a.exe"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "path": "%HOMEPATH%\\l4z2Rv_"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "path": "%HOMEPATH%\\l4z2Rv_\\wnxUzhY"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e"], "path": "%HOMEPATH%\\JxM0N_l"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e"], "path": "%HOMEPATH%\\JxM0N_l\\c4nP6WR"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e"], "path": "%HOMEPATH%\\Jxm0n_l\\C4np6wr\\Cbw6ou6.exe"}, {"hashes": ["d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "path": "%System32%\\psmsrv\\LocationGeofences.exe (copy)"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "path": "%System32%\\wevtapi\\tracerpt.exe (copy)"}, {"hashes": ["e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "path": "%System32%\\TimeBrokerServer\\SyncProxy.exe (copy)"}], "ip": 
[{"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "ip": "190[.]85[.]46[.]52"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "ip": "167[.]71[.]227[.]113"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", 
"e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "ip": "116[.]91[.]240[.]96"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "ip": "45[.]252[.]251[.]10"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c", "b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0", "cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125", "d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a", "e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d", "e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "ip": "142[.]4[.]14[.]109"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656", "c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "ip": "217[.]73[.]131[.]5"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "ip": "82[.]76[.]111[.]249"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "ip": "202[.]22[.]141[.]45"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "ip": "202[.]29[.]239[.]162"}, {"hashes": 
["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "ip": "37[.]187[.]161[.]206"}, {"hashes": ["c127cf0ce097e22f9f1fe0ca565c77a111745b85b0e78b21d20833055bc821d5", "e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "ip": "172[.]67[.]130[.]58"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e", "9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "ip": "80[.]87[.]201[.]221"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "ip": "104[.]27[.]145[.]33"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "ip": "35[.]213[.]151[.]141"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "ip": "35[.]184[.]245[.]68"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e"], "ip": "139[.]196[.]92[.]176"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "ip": "104[.]27[.]144[.]33"}, {"hashes": ["e218d7c8b3bd6e69065f2a2bee81c88865d2068a46c3997339a200318f7b82b4"], "ip": "104[.]28[.]8[.]36"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e"], "ip": "216[.]47[.]196[.]104"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656"], "ip": "104[.]28[.]9[.]36"}, {"hashes": ["3f5284458a0d2d7d50d7487391aae521f625a8920bfe03a7c88d412f8c17699e"], "ip": "162[.]241[.]27[.]28"}], "mutex": [], "registry": [{"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FSUTIL", "value_name": "ImagePath"}, {"hashes": ["9f2b84e3636d99a49ea3ae417c564253d9a351cc49c756a61c63acd530fd3748"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\FSUTIL", "value_name": "Description"}, {"hashes": ["939e9772cc64e88895365ccc1be8d7a6ef4b7c47b70165c35c79e2391ab50656"], "key": 
"\\SYSTEM\\CONTROLSET001\\SERVICES\\TRACERT", "value_name": "Description"}, {"hashes": ["d7f2699f9b7e0c263fcbd73238a883871965586fad16985455a85498ce8b520a"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\AUTOFMT", "value_name": "Description"}, {"hashes": ["b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\CDOSYS", "value_name": "ImagePath"}, {"hashes": ["d366dfc971747d113549ee401fa6dc07dfa0f478c9b08109640f84151bd2da29"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSXBDE40", "value_name": "Description"}, {"hashes": ["cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WSHEXT", "value_name": "ImagePath"}, {"hashes": ["3dc27bfea129de80fabb8e5ec05816202ae50e9b182b9d1f67546491c7fbe01c"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SQLCEQP30", "value_name": "Description"}, {"hashes": ["b18241915f09540635b0cc900d7652b72af39fa16e4a3fb8a1e17264b3e0b3e0"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\CDOSYS", "value_name": "Description"}, {"hashes": ["cf9401d8bcbb01edf06c19509b572a26047b2788a41f0ffa5d52c2189fe5a125"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WSHEXT", "value_name": "Description"}, {"hashes": ["e145443e68242815362d6737543409a1adb395879c75c43849abd5e401df522d"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\WSDCHNGR", "value_name": "Description"}, {"hashes": ["e3f75fa3896fe0551e1a892b0bf308e786326218836e5824fcfac7cd813c142e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SECPROC", "value_name": "Description"}]}, "reports_count": 12}, "Win.Dropper.Remcos-9775269-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", 
"8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "ba31bf4be9b465954f0295e46dfc26f6028afde0276916070561e0715333138f"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", 
"2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "ba31bf4be9b465954f0295e46dfc26f6028afde0276916070561e0715333138f"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "ba31bf4be9b465954f0295e46dfc26f6028afde0276916070561e0715333138f"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-tls-callback", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", 
"b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "ba31bf4be9b465954f0295e46dfc26f6028afde0276916070561e0715333138f"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", 
"6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "ba31bf4be9b465954f0295e46dfc26f6028afde0276916070561e0715333138f"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "ba31bf4be9b465954f0295e46dfc26f6028afde0276916070561e0715333138f"], "mitre_attack_tags": 
["TA0005", "T1027"]}, {"bi": "modified-file-in-user-dir", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", 
"d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": 
"network-discord-domain-detected", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", 
"6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "ba31bf4be9b465954f0295e46dfc26f6028afde0276916070561e0715333138f"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", 
"9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", 
"2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", 
"fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask-generic", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "files-deleted-used-batch", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", 
"9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "cmd-exe-file-execution", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-modification-reg", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", 
"7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "mitre_attack_tags": []}, {"bi": "files-deleted-used-vbs", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "benign-process-has-child", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "registry-autorun-key-modified", "hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", 
"bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "enumeration-browser-information", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "feed-domain-rat", "hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", 
"7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "malware-remcos-registry", "hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": ["TA0009", "TA0006", "TA0011", "TA0008", "T1056", "T1113", "T1125", "T1123", "T1105"]}, {"bi": "network-communications-http-get", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "malware-remcos-mutex", "hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", 
"7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-numeric-ip", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", 
"6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "http-response-client-error", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", 
"8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "windows-vault-api", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], 
"mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "registry-modified-rootcerts", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": ["TA0011", "TA0006", "TA0005", "T1130"]}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "network-dns-category-dynamic", "hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", 
"fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-filename-mismatch", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14"], "mitre_attack_tags": []}, {"bi": "deleted-executable-in-program-dir", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14"], "mitre_attack_tags": []}, {"bi": "malware-generic-infostealer", "hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14"], "mitre_attack_tags": ["TA0007", "TA0006", 
"TA0009", "T1083", "T1081", "T1005", "T1119"]}, {"bi": "malware-remcos-path", "hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "malware-known-trojan-av", "hashes": ["b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", 
"6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "altered-sample-snort-flagged", "hashes": ["b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "malware-guloader-traffic-detected", "hashes": ["b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "pe-certificate", "hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4"], "mitre_attack_tags": []}, {"bi": "pe-invalid-certificate-signature", "hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "dns-query-nxdomain", "hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6"], "mitre_attack_tags": []}, {"bi": "malware-netwire-rat-registry", "hashes": 
["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "mitre_attack_tags": []}, {"bi": "malware-netwire-mutex", "hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "mitre_attack_tags": []}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4"], "mitre_attack_tags": []}, {"bi": "dns-dynamic-domain", "hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "process-hollowing-detected", "hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "mitre_attack_tags": ["TA0005", "T1093"]}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Remcos is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes, interact with a webcam and capture screenshots. 
This malware is commonly delivered through Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "ba31bf4be9b465954f0295e46dfc26f6028afde0276916070561e0715333138f", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "iocs": {"domain": [{"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", 
"6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "host": "discord[.]com"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "host": "cdn[.]discordapp[.]com"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", 
"23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "host": "googlehosted[.]l[.]googleusercontent[.]com"}, {"hashes": ["2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14"], "host": "cpanel[.]com"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "host": "nilemixitupd[.]biz[.]pl"}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "host": "cs11[.]wpc[.]v0cdn[.]net"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "host": "cds[.]d2s7q6s2[.]hwcdn[.]net"}, {"hashes": ["8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14"], "host": "doc-0o-9o-docs[.]googleusercontent[.]com"}, {"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "host": "goddywin[.]freedynamicdns[.]net"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "host": "latua[.]nsupdate[.]info"}, {"hashes": 
["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "host": "rromaniitalfoodsinc[.]zapto[.]org"}, {"hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "host": "fuckfuck0[.]ddns[.]net"}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "host": "zubbymoney4life[.]ddns[.]net"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4"], "host": "bushuc009[.]duckdns[.]org"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c"], "host": "doc-14-9o-docs[.]googleusercontent[.]com"}, {"hashes": ["2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453"], "host": "doc-0s-9o-docs[.]googleusercontent[.]com"}, {"hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "host": "macapslafg[.]ug"}, {"hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "host": "perrymason[.]ac[.]ug"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "host": "doc-0g-1c-docs[.]googleusercontent[.]com"}, {"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "host": "doc-10-1c-docs[.]googleusercontent[.]com"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "host": "insidelife1[.]ddns[.]net"}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "host": "doc-0s-1c-docs[.]googleusercontent[.]com"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "host": "u875414[.]ddns[.]net"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "host": "u875414[.]duckdns[.]org"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "host": "u875414[.]nsupdate[.]info"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "host": "u875414[.]nvpn[.]to"}, {"hashes": 
["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "host": "logisctismest[.]duckdns[.]org"}], "file": [{"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "path": "%PUBLIC%\\Natso.bat"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "path": "%PUBLIC%\\x.bat"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", 
"730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "path": "%PUBLIC%\\cde.bat"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "path": "%PUBLIC%\\x.vbs"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "path": "%APPDATA%\\D282E1"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", 
"6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "path": "%APPDATA%\\7C7955\\5D4644.lck"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14"], "path": "%APPDATA%\\D282E1\\1E80C5.exe"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14"], "path": "%APPDATA%\\7C7955\\5D4644.exe"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "path": "%APPDATA%\\remcos"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", 
"fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "path": "%APPDATA%\\remcos\\logs.dat"}, {"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Yqgxnek.exe"}, {"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "path": "%LOCALAPPDATA%\\xgqY.url"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Tkhvnek.exe"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "path": "%LOCALAPPDATA%\\vhkT.url"}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Lglznek.exe"}, {"hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Ccgxnek.exe"}, {"hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "path": "%LOCALAPPDATA%\\xgcC.url"}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "path": "%LOCALAPPDATA%\\zlgL.url"}, {"hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "path": "%APPDATA%\\Appo\\Appo.dat"}, {"hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Avcmnek.exe"}, {"hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "path": "%LOCALAPPDATA%\\mcvA.url"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Akhrnek.exe"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "path": "%LOCALAPPDATA%\\rhkA.url"}, {"hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Svpdnek.exe"}, {"hashes": 
["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "path": "%LOCALAPPDATA%\\dpvS.url"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Eqfynek.exe"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4"], "path": "%LOCALAPPDATA%\\yfqE.url"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Efqfnek.exe"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "path": "%LOCALAPPDATA%\\fqfE.url"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "path": "%APPDATA%\\September\\logs.dat"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Xfltnek.exe"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "path": "%LOCALAPPDATA%\\tlfX.url"}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "path": "%APPDATA%\\fgha\\dfgh.dat"}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "path": "%LOCALAPPDATA%\\Microsoft\\Windows\\Secznek.exe"}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "path": "%LOCALAPPDATA%\\zceS.url"}], "ip": [{"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "ip": "162[.]159[.]135[.]232/31"}, {"hashes": 
["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "ip": "172[.]217[.]11[.]33"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "ip": "172[.]217[.]11[.]14"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "ip": "209[.]85[.]201[.]132"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14"], "ip": "195[.]69[.]140[.]147"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", 
"b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66"], "ip": "162[.]159[.]128[.]233"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "ip": "162[.]159[.]137[.]232"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "ip": "162[.]159[.]133[.]233"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "ip": "162[.]159[.]138[.]232"}, {"hashes": ["6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "ip": "185[.]234[.]52[.]117"}, {"hashes": ["6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "ip": "104[.]223[.]143[.]132"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8"], "ip": "173[.]194[.]206[.]100/31"}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", 
"70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "ip": "23[.]3[.]13[.]154"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8"], "ip": "162[.]159[.]136[.]232"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "ip": "172[.]217[.]11[.]46"}, {"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "ip": "194[.]5[.]98[.]5"}, {"hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "ip": "205[.]185[.]216[.]42"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4"], "ip": "205[.]185[.]216[.]10"}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "ip": "79[.]134[.]225[.]69"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4"], "ip": "79[.]134[.]225[.]76"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "ip": "162[.]159[.]130[.]233"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4"], "ip": "162[.]159[.]129[.]233"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "ip": "79[.]134[.]225[.]85"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "ip": "216[.]38[.]7[.]231"}, {"hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "ip": "162[.]159[.]134[.]233"}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "ip": "23[.]105[.]131[.]212"}, {"hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "ip": "194[.]5[.]98[.]95"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "ip": 
"23[.]3[.]13[.]88"}, {"hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "ip": "194[.]5[.]97[.]15"}, {"hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "ip": "176[.]107[.]178[.]223"}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "ip": "173[.]194[.]206[.]102"}, {"hashes": ["9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14"], "ip": "173[.]194[.]206[.]113"}, {"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "ip": "173[.]194[.]206[.]138"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "ip": "115[.]133[.]65[.]125"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "ip": "23[.]105[.]131[.]185"}], "mutex": [{"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8", "23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c", "452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c", "639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", "7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "name": "Remcos_Mutex_Inj"}, {"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": 
["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "name": "9DAA44F7C7955D46445DC99B"}, {"hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "name": "-"}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "name": "Remcos-KO8TXB"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "name": "Remcosss-ZQM59L"}, {"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "name": "Remcos-1XWULW"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "name": "Remcos-88VOSB"}, {"hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "name": "cvxdsaxzcas-C19IL8"}, {"hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "name": "-Y4K8X5"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "name": "Remcos-D772CV"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "name": "September-IJ9HLQ"}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "name": "aqyuio-A5YQYE"}], "registry": [{"hashes": ["1f04efba216a70f67f7d86cb3cfdccb282adcf9bfa3b5fb01168befcf584639c", "2079033b3845344ea2b3f6ef451dcab2ade39e8c614f1a6da490a928ebc69453", "6459a9e97d4b982bd7ab59434fbe96d7e289871733e46c755eaba190728818c6", "66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c", "730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6", 
"7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142", "8b918f9c74b65e17578f548419922dcacb08408b5fbae15fd2269f7dbb2a50d8", "9c4a8d19b4569f2c457c7fc801ccbbd841228a5e201aa9ca71c26a1808ef5e14", "b35655f68c781994bf22edcaf49e039366238da22d09c14ec373e55e7b5b0d66", "bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529", "d2260cf4bc6a1c1c042af5caa0c0d76c4efca389588ddef8a57108ca3f1c41cb"], "key": "\\ENVIRONMENT", "value_name": "windir"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4", "70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "key": "\\SOFTWARE\\NETWIRE", "value_name": null}, {"hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "key": "\\SOFTWARE\\NETWIRE", "value_name": "HostId"}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "key": "\\SOFTWARE\\REMCOS-KO8TXB", "value_name": null}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "key": "\\SOFTWARE\\REMCOS-KO8TXB", "value_name": "exepath"}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "key": "\\SOFTWARE\\REMCOS-KO8TXB", "value_name": "licence"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "key": "\\SOFTWARE\\REMCOSSS-ZQM59L", "value_name": null}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "key": "\\SOFTWARE\\REMCOSSS-ZQM59L", "value_name": "exepath"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "key": "\\SOFTWARE\\REMCOSSS-ZQM59L", "value_name": "licence"}, {"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "key": "\\SOFTWARE\\REMCOS-1XWULW", "value_name": null}, {"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "key": "\\SOFTWARE\\REMCOS-1XWULW", "value_name": "exepath"}, {"hashes": 
["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "key": "\\SOFTWARE\\REMCOS-1XWULW", "value_name": "licence"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "key": "\\SOFTWARE\\REMCOS-88VOSB", "value_name": null}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "key": "\\SOFTWARE\\REMCOS-88VOSB", "value_name": "exepath"}, {"hashes": ["23bc54e7ea03405d99a2bcb63cf3fb9ce8660b52124d8e56b1726e48ace19c2c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Yqgx"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "key": "\\SOFTWARE\\REMCOS-88VOSB", "value_name": "licence"}, {"hashes": ["452b05fe37ebecdf74fdf43d5c119ac12f1454b918f7b763fb6a3999cc1c7a4c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Tkhv"}, {"hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "key": "\\SOFTWARE\\CVXDSAXZCAS-C19IL8", "value_name": null}, {"hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "key": "\\SOFTWARE\\CVXDSAXZCAS-C19IL8", "value_name": "licence"}, {"hashes": ["bf299d7470853a3e46815224518714e34b2338256bdb5d12f838b5e5da45b529"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Ccgx"}, {"hashes": ["fda7edab2bfba6005bc2f82548b9dcef7deec1fef238acc5fee12322d2b2629e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Lglz"}, {"hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "key": "\\SOFTWARE\\-Y4K8X5", "value_name": null}, {"hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "key": "\\SOFTWARE\\-Y4K8X5", "value_name": "exepath"}, {"hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], "key": "\\SOFTWARE\\-Y4K8X5", "value_name": "licence"}, {"hashes": ["66a80184a65bd847cfad4dc290dcad8e59791c19b13c277678c75dd2d0d11f5c"], 
"key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Avcm"}, {"hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "key": "\\SOFTWARE\\NETWIRE", "value_name": "Install Date"}, {"hashes": ["730ff53ff20637037da39558845d875852ad760be508d612d3a87241d7c7e2c6"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Akhr"}, {"hashes": ["70becb8767f332806988daf8754f73c6d13b9b6d7f4ca4bc1f3ccf6e4d4e9e73"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Svpd"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "key": "\\SOFTWARE\\REMCOS-D772CV", "value_name": null}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "key": "\\SOFTWARE\\REMCOS-D772CV", "value_name": "exepath"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "key": "\\SOFTWARE\\REMCOS-D772CV", "value_name": "licence"}, {"hashes": ["2df48332de94a5f6d50d6f2a6bba4695770d01679f72163671f0d75571f091c4"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Eqfy"}, {"hashes": ["02ec3e0823ceee4aad4a57753d47fe390db22cf4001708bbbe6af077fe146db8"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Efqf"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "key": "\\SOFTWARE\\SEPTEMBER-IJ9HLQ", "value_name": null}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "key": "\\SOFTWARE\\SEPTEMBER-IJ9HLQ", "value_name": "exepath"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "key": "\\SOFTWARE\\SEPTEMBER-IJ9HLQ", "value_name": "licence"}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "key": "\\SOFTWARE\\AQYUIO-A5YQYE", "value_name": null}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "key": 
"\\SOFTWARE\\AQYUIO-A5YQYE", "value_name": "exepath"}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "key": "\\SOFTWARE\\AQYUIO-A5YQYE", "value_name": "licence"}, {"hashes": ["7a7eae36a54dada555db57bd8f24e4a38a9b0f0432e13d19b16b538deb5e4142"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Xflt"}, {"hashes": ["639e9b01966ca0e3966e6cbc513c9f66f97c9d50ab7e59c17c4cbccdbfa2984f"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Secz"}]}, "reports_count": 19}, "Win.Dropper.Tofsee-9775522-0": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fccfed84899f089d73f499a61f539f7069c65c6555637d7e634810a07395d1d2", "f7296d76dabb33eea57698dbfd52f7a9a64e725f20e7e65fca820ab73a98abf8", "f1e1b1c66dbbf2ffc8cbfa0b0b175e11058687e802eb7f384c2ef6c0b673b1d0", "def9680d171a6a721f0faa5e32d2970ff2a4d0c0724b23396f99406ad56625b1", "bc7c10bafc03329038b57913b9bfeab142b4b67a500d4bbda8adc238779b0b1a", "b97d429fafdba06abc680f8e72036a95328648a7b0bfc4a3cd860a7a90b1d708", "a3308227b3a441dfa8853ccd801eac885908d4c63aef2f446059d043118a6136", "9626ad7886a219b1b3c70ced60268ea4e734996000cb0b3aa16b98347ba44b16", "943c7d043d1b800f455db75111789e716736f47f630dd2424b24915c99a9db9a", "81b12d94d4a8cc1b87f74f23900eddc1b18c0334aed1e481420df65620414cc7", "6c7e5adb8986f8f2974c455e0ab58e079aac53374ee21ca335a4c114489cb595", "6be2d11dfbdebcdba431ed50913486da272fee87f2e6c2f3676a063e6b7b2253", "4c204ed9f070a09413ac9cdfafee3c96c40d7acb5ddc1a47a2c8087be5a3de0e", 
"2bf19b8f3b082c562ea540f4e6ec38c42b41a0295d56af5d0d6b89ae3419125a", "27cb6c16f047e0f99186b7d1abbda4d89929559a51ee97d0a9efa329d4592100", "223a2ae4d6b4ce958fb225a7c31a51690d30a57a2eed855d0ff23eae142141d5", "1f54885497804c465f2cfd5275b6ec09cf1a62c8578cec16e2e9795f1526923d", "0d9a659ca367421228f7e145afc7223f2c93e9e69500ac9c1290f5b5785ec466", "0c28dccb21e275b37e66b53a2738690c78c7649fe73c3f4e9878ba1b24b90a17", "0a58a1f9e4c89d7e023a269b984fbfed1178936bd9498a42130c0cca0233e1a5", "064b91b5308847dc1da7594d6d57e5a61938a8b09013393c7af4f78c7e2f4622", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "8f8fd9c5be1e8e2e73239ae4f14f64506f74638ddaea3d1c20b78f8917ad58e2", "1a5dd163ad9bac6381fd91d792469ddf47190a7e7c521add6a0c701fb61d6ae4", "280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816", "57a175e3e712e5e93461548df6e6f6cd9ff6dace28a3cbd57b93e560f5087ca6", "6b2f77062eade18cbaaf125f2dec1a830b7296ce23fe2a7b26c2130440bc2839", "9b90c4d3e6309279527c03d1f275a93ea0bc9a755b35d8f7782e12a174cfe11b", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "9eef410a4b52ce4b70f990e6c5da7858517d3110a36a91d178a95982853174a2", "87f9f9a857c151d8597508bd6125fa6141deecc172c6b717da0ccf4861efcb75", "071561d9d38c97ba6d85dee3b24f0a394e956a7dcc5c9235f90142e365429773", "0a05a774a29d6c8fa54d7706ea9f1fe289be3f15280d432aa3aa9751a8c1049d", "618493b6703e8c1a07af6838c29a5368106d3ad4b07727035ca2f1ec23c1a1c9", "aae93a6177a1172b3b4ef11cc4942b8c271606fe2204e93f3f59af783b6bfca8", "d81b627253fa0653648cef54d8a0a6885b209e74a016f4517513dafa976198c6", "a7e682a02a0ec17311af315deca5c8554704325a16fb498a465e9e37325256ab", "ebb7f837d14a9a023d6b72e079d4b4486aa0f82ca6f8386573acc692602768ef", "b568f0204752e4fa452155960f6ee62cd60447ad004ef426ecea240ce759311f", "20dc57ac2a9bad9f717c272626aa30d81d9b67634029aca9e8c4b5df067f5885", "16bfb3ec570d91f3c7321858d3707770ee005d36bb36a51e78fcdeec80b1ed20", 
"d57ae183e75fea7d76577bcfbae1b41a7e32d70e96a203730c3783b26d16fae8", "17d1e8f9b9257d2a55be61d9ad7fadeed6cba1db5e4252946d7ca9f0ed9c4390", "1b67021a8020192aa458dc3d6242712ac9c8299181aa8a27b62b6df43e64b59f", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0b67b0e1db50d203f458f42f4564938373d27d272ac48156e7741429a84ea955", "7982bf114ded9c4d6e14042473be892bd703188e995ee262314cfa3a09e40151", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", 
"c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fccfed84899f089d73f499a61f539f7069c65c6555637d7e634810a07395d1d2", "f7296d76dabb33eea57698dbfd52f7a9a64e725f20e7e65fca820ab73a98abf8", "f1e1b1c66dbbf2ffc8cbfa0b0b175e11058687e802eb7f384c2ef6c0b673b1d0", "def9680d171a6a721f0faa5e32d2970ff2a4d0c0724b23396f99406ad56625b1", "bc7c10bafc03329038b57913b9bfeab142b4b67a500d4bbda8adc238779b0b1a", "b97d429fafdba06abc680f8e72036a95328648a7b0bfc4a3cd860a7a90b1d708", "a3308227b3a441dfa8853ccd801eac885908d4c63aef2f446059d043118a6136", "9626ad7886a219b1b3c70ced60268ea4e734996000cb0b3aa16b98347ba44b16", "943c7d043d1b800f455db75111789e716736f47f630dd2424b24915c99a9db9a", "81b12d94d4a8cc1b87f74f23900eddc1b18c0334aed1e481420df65620414cc7", "6c7e5adb8986f8f2974c455e0ab58e079aac53374ee21ca335a4c114489cb595", "6be2d11dfbdebcdba431ed50913486da272fee87f2e6c2f3676a063e6b7b2253", "4c204ed9f070a09413ac9cdfafee3c96c40d7acb5ddc1a47a2c8087be5a3de0e", "2bf19b8f3b082c562ea540f4e6ec38c42b41a0295d56af5d0d6b89ae3419125a", "27cb6c16f047e0f99186b7d1abbda4d89929559a51ee97d0a9efa329d4592100", "223a2ae4d6b4ce958fb225a7c31a51690d30a57a2eed855d0ff23eae142141d5", "1f54885497804c465f2cfd5275b6ec09cf1a62c8578cec16e2e9795f1526923d", "0d9a659ca367421228f7e145afc7223f2c93e9e69500ac9c1290f5b5785ec466", "0c28dccb21e275b37e66b53a2738690c78c7649fe73c3f4e9878ba1b24b90a17", "0a58a1f9e4c89d7e023a269b984fbfed1178936bd9498a42130c0cca0233e1a5", "064b91b5308847dc1da7594d6d57e5a61938a8b09013393c7af4f78c7e2f4622", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", 
"8f8fd9c5be1e8e2e73239ae4f14f64506f74638ddaea3d1c20b78f8917ad58e2", "1a5dd163ad9bac6381fd91d792469ddf47190a7e7c521add6a0c701fb61d6ae4", "280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816", "57a175e3e712e5e93461548df6e6f6cd9ff6dace28a3cbd57b93e560f5087ca6", "6b2f77062eade18cbaaf125f2dec1a830b7296ce23fe2a7b26c2130440bc2839", "9b90c4d3e6309279527c03d1f275a93ea0bc9a755b35d8f7782e12a174cfe11b", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "9eef410a4b52ce4b70f990e6c5da7858517d3110a36a91d178a95982853174a2", "87f9f9a857c151d8597508bd6125fa6141deecc172c6b717da0ccf4861efcb75", "071561d9d38c97ba6d85dee3b24f0a394e956a7dcc5c9235f90142e365429773", "0a05a774a29d6c8fa54d7706ea9f1fe289be3f15280d432aa3aa9751a8c1049d", "618493b6703e8c1a07af6838c29a5368106d3ad4b07727035ca2f1ec23c1a1c9", "aae93a6177a1172b3b4ef11cc4942b8c271606fe2204e93f3f59af783b6bfca8", "d81b627253fa0653648cef54d8a0a6885b209e74a016f4517513dafa976198c6", "a7e682a02a0ec17311af315deca5c8554704325a16fb498a465e9e37325256ab", "ebb7f837d14a9a023d6b72e079d4b4486aa0f82ca6f8386573acc692602768ef", "b568f0204752e4fa452155960f6ee62cd60447ad004ef426ecea240ce759311f", "20dc57ac2a9bad9f717c272626aa30d81d9b67634029aca9e8c4b5df067f5885", "16bfb3ec570d91f3c7321858d3707770ee005d36bb36a51e78fcdeec80b1ed20", "d57ae183e75fea7d76577bcfbae1b41a7e32d70e96a203730c3783b26d16fae8", "17d1e8f9b9257d2a55be61d9ad7fadeed6cba1db5e4252946d7ca9f0ed9c4390", "1b67021a8020192aa458dc3d6242712ac9c8299181aa8a27b62b6df43e64b59f", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0b67b0e1db50d203f458f42f4564938373d27d272ac48156e7741429a84ea955", "7982bf114ded9c4d6e14042473be892bd703188e995ee262314cfa3a09e40151", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", 
"4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fccfed84899f089d73f499a61f539f7069c65c6555637d7e634810a07395d1d2", "f7296d76dabb33eea57698dbfd52f7a9a64e725f20e7e65fca820ab73a98abf8", "f1e1b1c66dbbf2ffc8cbfa0b0b175e11058687e802eb7f384c2ef6c0b673b1d0", "def9680d171a6a721f0faa5e32d2970ff2a4d0c0724b23396f99406ad56625b1", "bc7c10bafc03329038b57913b9bfeab142b4b67a500d4bbda8adc238779b0b1a", 
"b97d429fafdba06abc680f8e72036a95328648a7b0bfc4a3cd860a7a90b1d708", "a3308227b3a441dfa8853ccd801eac885908d4c63aef2f446059d043118a6136", "9626ad7886a219b1b3c70ced60268ea4e734996000cb0b3aa16b98347ba44b16", "943c7d043d1b800f455db75111789e716736f47f630dd2424b24915c99a9db9a", "81b12d94d4a8cc1b87f74f23900eddc1b18c0334aed1e481420df65620414cc7", "6c7e5adb8986f8f2974c455e0ab58e079aac53374ee21ca335a4c114489cb595", "6be2d11dfbdebcdba431ed50913486da272fee87f2e6c2f3676a063e6b7b2253", "4c204ed9f070a09413ac9cdfafee3c96c40d7acb5ddc1a47a2c8087be5a3de0e", "2bf19b8f3b082c562ea540f4e6ec38c42b41a0295d56af5d0d6b89ae3419125a", "27cb6c16f047e0f99186b7d1abbda4d89929559a51ee97d0a9efa329d4592100", "223a2ae4d6b4ce958fb225a7c31a51690d30a57a2eed855d0ff23eae142141d5", "1f54885497804c465f2cfd5275b6ec09cf1a62c8578cec16e2e9795f1526923d", "0d9a659ca367421228f7e145afc7223f2c93e9e69500ac9c1290f5b5785ec466", "0c28dccb21e275b37e66b53a2738690c78c7649fe73c3f4e9878ba1b24b90a17", "0a58a1f9e4c89d7e023a269b984fbfed1178936bd9498a42130c0cca0233e1a5", "064b91b5308847dc1da7594d6d57e5a61938a8b09013393c7af4f78c7e2f4622", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "8f8fd9c5be1e8e2e73239ae4f14f64506f74638ddaea3d1c20b78f8917ad58e2", "1a5dd163ad9bac6381fd91d792469ddf47190a7e7c521add6a0c701fb61d6ae4", "280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816", "57a175e3e712e5e93461548df6e6f6cd9ff6dace28a3cbd57b93e560f5087ca6", "6b2f77062eade18cbaaf125f2dec1a830b7296ce23fe2a7b26c2130440bc2839", "9b90c4d3e6309279527c03d1f275a93ea0bc9a755b35d8f7782e12a174cfe11b", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "9eef410a4b52ce4b70f990e6c5da7858517d3110a36a91d178a95982853174a2", "87f9f9a857c151d8597508bd6125fa6141deecc172c6b717da0ccf4861efcb75", "071561d9d38c97ba6d85dee3b24f0a394e956a7dcc5c9235f90142e365429773", "0a05a774a29d6c8fa54d7706ea9f1fe289be3f15280d432aa3aa9751a8c1049d", 
"618493b6703e8c1a07af6838c29a5368106d3ad4b07727035ca2f1ec23c1a1c9", "aae93a6177a1172b3b4ef11cc4942b8c271606fe2204e93f3f59af783b6bfca8", "d81b627253fa0653648cef54d8a0a6885b209e74a016f4517513dafa976198c6", "a7e682a02a0ec17311af315deca5c8554704325a16fb498a465e9e37325256ab", "ebb7f837d14a9a023d6b72e079d4b4486aa0f82ca6f8386573acc692602768ef", "b568f0204752e4fa452155960f6ee62cd60447ad004ef426ecea240ce759311f", "20dc57ac2a9bad9f717c272626aa30d81d9b67634029aca9e8c4b5df067f5885", "16bfb3ec570d91f3c7321858d3707770ee005d36bb36a51e78fcdeec80b1ed20", "d57ae183e75fea7d76577bcfbae1b41a7e32d70e96a203730c3783b26d16fae8", "17d1e8f9b9257d2a55be61d9ad7fadeed6cba1db5e4252946d7ca9f0ed9c4390", "1b67021a8020192aa458dc3d6242712ac9c8299181aa8a27b62b6df43e64b59f", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0b67b0e1db50d203f458f42f4564938373d27d272ac48156e7741429a84ea955", "7982bf114ded9c4d6e14042473be892bd703188e995ee262314cfa3a09e40151", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", 
"839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "imports-IsDebuggerPresent", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fccfed84899f089d73f499a61f539f7069c65c6555637d7e634810a07395d1d2", "f7296d76dabb33eea57698dbfd52f7a9a64e725f20e7e65fca820ab73a98abf8", "f1e1b1c66dbbf2ffc8cbfa0b0b175e11058687e802eb7f384c2ef6c0b673b1d0", "def9680d171a6a721f0faa5e32d2970ff2a4d0c0724b23396f99406ad56625b1", "bc7c10bafc03329038b57913b9bfeab142b4b67a500d4bbda8adc238779b0b1a", "b97d429fafdba06abc680f8e72036a95328648a7b0bfc4a3cd860a7a90b1d708", "a3308227b3a441dfa8853ccd801eac885908d4c63aef2f446059d043118a6136", "9626ad7886a219b1b3c70ced60268ea4e734996000cb0b3aa16b98347ba44b16", "943c7d043d1b800f455db75111789e716736f47f630dd2424b24915c99a9db9a", "81b12d94d4a8cc1b87f74f23900eddc1b18c0334aed1e481420df65620414cc7", "6c7e5adb8986f8f2974c455e0ab58e079aac53374ee21ca335a4c114489cb595", "6be2d11dfbdebcdba431ed50913486da272fee87f2e6c2f3676a063e6b7b2253", "4c204ed9f070a09413ac9cdfafee3c96c40d7acb5ddc1a47a2c8087be5a3de0e", "2bf19b8f3b082c562ea540f4e6ec38c42b41a0295d56af5d0d6b89ae3419125a", "27cb6c16f047e0f99186b7d1abbda4d89929559a51ee97d0a9efa329d4592100", "223a2ae4d6b4ce958fb225a7c31a51690d30a57a2eed855d0ff23eae142141d5", 
"1f54885497804c465f2cfd5275b6ec09cf1a62c8578cec16e2e9795f1526923d", "0d9a659ca367421228f7e145afc7223f2c93e9e69500ac9c1290f5b5785ec466", "0c28dccb21e275b37e66b53a2738690c78c7649fe73c3f4e9878ba1b24b90a17", "0a58a1f9e4c89d7e023a269b984fbfed1178936bd9498a42130c0cca0233e1a5", "064b91b5308847dc1da7594d6d57e5a61938a8b09013393c7af4f78c7e2f4622", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "8f8fd9c5be1e8e2e73239ae4f14f64506f74638ddaea3d1c20b78f8917ad58e2", "1a5dd163ad9bac6381fd91d792469ddf47190a7e7c521add6a0c701fb61d6ae4", "280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816", "57a175e3e712e5e93461548df6e6f6cd9ff6dace28a3cbd57b93e560f5087ca6", "6b2f77062eade18cbaaf125f2dec1a830b7296ce23fe2a7b26c2130440bc2839", "9b90c4d3e6309279527c03d1f275a93ea0bc9a755b35d8f7782e12a174cfe11b", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "9eef410a4b52ce4b70f990e6c5da7858517d3110a36a91d178a95982853174a2", "87f9f9a857c151d8597508bd6125fa6141deecc172c6b717da0ccf4861efcb75", "071561d9d38c97ba6d85dee3b24f0a394e956a7dcc5c9235f90142e365429773", "0a05a774a29d6c8fa54d7706ea9f1fe289be3f15280d432aa3aa9751a8c1049d", "618493b6703e8c1a07af6838c29a5368106d3ad4b07727035ca2f1ec23c1a1c9", "aae93a6177a1172b3b4ef11cc4942b8c271606fe2204e93f3f59af783b6bfca8", "d81b627253fa0653648cef54d8a0a6885b209e74a016f4517513dafa976198c6", "a7e682a02a0ec17311af315deca5c8554704325a16fb498a465e9e37325256ab", "ebb7f837d14a9a023d6b72e079d4b4486aa0f82ca6f8386573acc692602768ef", "b568f0204752e4fa452155960f6ee62cd60447ad004ef426ecea240ce759311f", "20dc57ac2a9bad9f717c272626aa30d81d9b67634029aca9e8c4b5df067f5885", "16bfb3ec570d91f3c7321858d3707770ee005d36bb36a51e78fcdeec80b1ed20", "d57ae183e75fea7d76577bcfbae1b41a7e32d70e96a203730c3783b26d16fae8", "17d1e8f9b9257d2a55be61d9ad7fadeed6cba1db5e4252946d7ca9f0ed9c4390", "1b67021a8020192aa458dc3d6242712ac9c8299181aa8a27b62b6df43e64b59f", 
"1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0b67b0e1db50d203f458f42f4564938373d27d272ac48156e7741429a84ea955", "7982bf114ded9c4d6e14042473be892bd703188e995ee262314cfa3a09e40151", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fccfed84899f089d73f499a61f539f7069c65c6555637d7e634810a07395d1d2", 
"f7296d76dabb33eea57698dbfd52f7a9a64e725f20e7e65fca820ab73a98abf8", "f1e1b1c66dbbf2ffc8cbfa0b0b175e11058687e802eb7f384c2ef6c0b673b1d0", "def9680d171a6a721f0faa5e32d2970ff2a4d0c0724b23396f99406ad56625b1", "bc7c10bafc03329038b57913b9bfeab142b4b67a500d4bbda8adc238779b0b1a", "b97d429fafdba06abc680f8e72036a95328648a7b0bfc4a3cd860a7a90b1d708", "a3308227b3a441dfa8853ccd801eac885908d4c63aef2f446059d043118a6136", "9626ad7886a219b1b3c70ced60268ea4e734996000cb0b3aa16b98347ba44b16", "943c7d043d1b800f455db75111789e716736f47f630dd2424b24915c99a9db9a", "81b12d94d4a8cc1b87f74f23900eddc1b18c0334aed1e481420df65620414cc7", "6c7e5adb8986f8f2974c455e0ab58e079aac53374ee21ca335a4c114489cb595", "6be2d11dfbdebcdba431ed50913486da272fee87f2e6c2f3676a063e6b7b2253", "4c204ed9f070a09413ac9cdfafee3c96c40d7acb5ddc1a47a2c8087be5a3de0e", "2bf19b8f3b082c562ea540f4e6ec38c42b41a0295d56af5d0d6b89ae3419125a", "27cb6c16f047e0f99186b7d1abbda4d89929559a51ee97d0a9efa329d4592100", "223a2ae4d6b4ce958fb225a7c31a51690d30a57a2eed855d0ff23eae142141d5", "1f54885497804c465f2cfd5275b6ec09cf1a62c8578cec16e2e9795f1526923d", "0d9a659ca367421228f7e145afc7223f2c93e9e69500ac9c1290f5b5785ec466", "0c28dccb21e275b37e66b53a2738690c78c7649fe73c3f4e9878ba1b24b90a17", "0a58a1f9e4c89d7e023a269b984fbfed1178936bd9498a42130c0cca0233e1a5", "064b91b5308847dc1da7594d6d57e5a61938a8b09013393c7af4f78c7e2f4622", "8f8fd9c5be1e8e2e73239ae4f14f64506f74638ddaea3d1c20b78f8917ad58e2", "1a5dd163ad9bac6381fd91d792469ddf47190a7e7c521add6a0c701fb61d6ae4", "57a175e3e712e5e93461548df6e6f6cd9ff6dace28a3cbd57b93e560f5087ca6", "6b2f77062eade18cbaaf125f2dec1a830b7296ce23fe2a7b26c2130440bc2839", "9b90c4d3e6309279527c03d1f275a93ea0bc9a755b35d8f7782e12a174cfe11b", "9eef410a4b52ce4b70f990e6c5da7858517d3110a36a91d178a95982853174a2", "87f9f9a857c151d8597508bd6125fa6141deecc172c6b717da0ccf4861efcb75", "071561d9d38c97ba6d85dee3b24f0a394e956a7dcc5c9235f90142e365429773", "0a05a774a29d6c8fa54d7706ea9f1fe289be3f15280d432aa3aa9751a8c1049d", 
"618493b6703e8c1a07af6838c29a5368106d3ad4b07727035ca2f1ec23c1a1c9", "aae93a6177a1172b3b4ef11cc4942b8c271606fe2204e93f3f59af783b6bfca8", "d81b627253fa0653648cef54d8a0a6885b209e74a016f4517513dafa976198c6", "a7e682a02a0ec17311af315deca5c8554704325a16fb498a465e9e37325256ab", "ebb7f837d14a9a023d6b72e079d4b4486aa0f82ca6f8386573acc692602768ef", "b568f0204752e4fa452155960f6ee62cd60447ad004ef426ecea240ce759311f", "20dc57ac2a9bad9f717c272626aa30d81d9b67634029aca9e8c4b5df067f5885", "16bfb3ec570d91f3c7321858d3707770ee005d36bb36a51e78fcdeec80b1ed20", "d57ae183e75fea7d76577bcfbae1b41a7e32d70e96a203730c3783b26d16fae8", "17d1e8f9b9257d2a55be61d9ad7fadeed6cba1db5e4252946d7ca9f0ed9c4390", "1b67021a8020192aa458dc3d6242712ac9c8299181aa8a27b62b6df43e64b59f", "0b67b0e1db50d203f458f42f4564938373d27d272ac48156e7741429a84ea955", "7982bf114ded9c4d6e14042473be892bd703188e995ee262314cfa3a09e40151", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", 
"274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", 
"ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "pe-resource-lang-spanish", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", 
"86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", 
"c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", 
"2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", 
"593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "modified-executable", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", 
"88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", 
"4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", 
"19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "process-long-cmdline", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", 
"f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", 
"22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", 
"c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "cmd-exe-file-execution", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", 
"5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": 
["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": 
["TA0005", "T1089"]}, {"bi": "registry-service-with-autostart-created", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "currentcontrolset-service-added", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", 
"f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1060"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", 
"4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", 
"8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "dns-query-nxdomain", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", 
"5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", 
"3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", 
"f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", 
"c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", 
"fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", 
"5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "network-dns-category-file-storage", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", 
"1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "listening-port-opened", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", 
"22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0011", "T1219"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", 
"2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", 
"86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", 
"ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-compound-cta-activity", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", 
"1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "sc-service-start", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1031"]}, {"bi": "netbios-null-domain", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", 
"c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", 
"2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", 
"86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "sc-service-create", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", 
"ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0003", "T1050"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", 
"274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "new-service-launched", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035"]}, {"bi": "dns-bypassed-assigned-server", "hashes": 
["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "malware-tofsee-domain-detected", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", 
"593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "malware-tofsee-filepath", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", 
"43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0002", "T1105", "T1112"]}, {"bi": "sc-service-create-execute", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", 
"fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0002", "TA0003", "T1035", "T1050"]}, {"bi": "zen-spamhaus-domain-contacted", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", 
"5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "network-snort-server", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", 
"4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "suspicious-user-agent", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", 
"dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "nginx-webserver-detected", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot-v2", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", 
"1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "network-snort-sensitive-data", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": []}, {"bi": "excessive-tcp-connections", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583"], "mitre_attack_tags": ["TA0011", "T1095", "T1008"]}, {"bi": "double-url-detected", "hashes": 
["c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc"], "mitre_attack_tags": ["TA0011", "TA0010", "T1102"]}, {"bi": "network-file-uploaded", "hashes": ["c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-non-standard-port", "hashes": ["c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", 
"dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc"], "mitre_attack_tags": ["TA0011", "TA0005", "T1065"]}, {"bi": "network-communications-http-post", "hashes": ["c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", 
"351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "27cb6c16f047e0f99186b7d1abbda4d89929559a51ee97d0a9efa329d4592100", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-file-downloaded-to-disk", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", 
"19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": []}, {"bi": "enumeration-browser-information", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "artifact-windows-task", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", 
"5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "windows-util-schtask", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "windows-util-schtask-generic", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "modified-file-in-system-dir", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", 
"5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "pe-imports-empty", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": []}, {"bi": "registry-service-autostart-disabled", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0003", "T1112", "T1489", "T1058"]}, {"bi": "artifact-vm-detect", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0005", "T1497"]}, {"bi": "process-with-multiple-children", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", 
"5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-certificate", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-antianalysis", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "process-check-virtualbox", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", 
"5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0007", "T1497"]}, {"bi": "registry-service-type-modified", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0003", "T1112", "T1058"]}, {"bi": "embedded-pe-resource2", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": []}, {"bi": "pe-header-subsystem", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "malware-glupteba-bot-mutex-detected", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", 
"5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": []}, {"bi": "windows-util-schtask-create-onlogon", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0003", "T1053"]}, {"bi": "task-pointed-to-appdata-directory", "hashes": ["235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004", "T1053"]}, {"bi": "network-dns-category-proxy", "hashes": ["43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", 
"0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "netbios-query", "hashes": ["1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d"], "mitre_attack_tags": []}, {"bi": "network-dns-category-phishing", "hashes": ["1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d"], "mitre_attack_tags": []}, {"bi": "pe-imports-psapi-dll", "hashes": ["1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "pe-imports-toolhelp", "hashes": ["1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d"], "mitre_attack_tags": ["TA0007", "T1057"]}, {"bi": "network-url-tracking-service", "hashes": ["1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d"], "mitre_attack_tags": ["TA0011", "TA0005", "T1102"]}, {"bi": "artifact-pe-no-dos", "hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "mitre_attack_tags": []}, {"bi": "malware-trojan-bunitu-mutex-detected", "hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "mitre_attack_tags": []}, {"bi": 
"http-response-redirect", "hashes": ["86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6"], "mitre_attack_tags": []}, {"bi": "html-small-file-redirect", "hashes": ["86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["064b91b5308847dc1da7594d6d57e5a61938a8b09013393c7af4f78c7e2f4622", "071561d9d38c97ba6d85dee3b24f0a394e956a7dcc5c9235f90142e365429773", "0a05a774a29d6c8fa54d7706ea9f1fe289be3f15280d432aa3aa9751a8c1049d", "0a58a1f9e4c89d7e023a269b984fbfed1178936bd9498a42130c0cca0233e1a5", "0b67b0e1db50d203f458f42f4564938373d27d272ac48156e7741429a84ea955", "0c28dccb21e275b37e66b53a2738690c78c7649fe73c3f4e9878ba1b24b90a17", "0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "0d9a659ca367421228f7e145afc7223f2c93e9e69500ac9c1290f5b5785ec466", "13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "16bfb3ec570d91f3c7321858d3707770ee005d36bb36a51e78fcdeec80b1ed20", "17855cca50e283f0144afad6ba76c2242a6ea865993eddb75859ef02affa2b69", "17d1e8f9b9257d2a55be61d9ad7fadeed6cba1db5e4252946d7ca9f0ed9c4390", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "1a5dd163ad9bac6381fd91d792469ddf47190a7e7c521add6a0c701fb61d6ae4", "1b67021a8020192aa458dc3d6242712ac9c8299181aa8a27b62b6df43e64b59f", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", 
"1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511", "1f54885497804c465f2cfd5275b6ec09cf1a62c8578cec16e2e9795f1526923d", "20dc57ac2a9bad9f717c272626aa30d81d9b67634029aca9e8c4b5df067f5885", "223a2ae4d6b4ce958fb225a7c31a51690d30a57a2eed855d0ff23eae142141d5", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "27cb6c16f047e0f99186b7d1abbda4d89929559a51ee97d0a9efa329d4592100", "280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816", "2bf19b8f3b082c562ea540f4e6ec38c42b41a0295d56af5d0d6b89ae3419125a", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "358178b74d9ff1457dab5015e5d10aa18a3b95d50a5a821568886672dfde97f3", "3cab6b6cc553f7e4e1038b2a37226d0d4cd518d7da7aa62057e6560c5685fb49", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "41d2f9ef245a688081894e9983a5094d9beb6d84bda7d057ecc15a247aea6a06", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "44ccaaf3cc76edd1e184d8c65b13db79638fcbf8ed37b5883c34a1a8a7700901", "4661e688840fe5140d22bb1925bd0ce742d0d91712a4342e4060e063e4b2b7c7", "49a3eb558a0d91a79b3c61528a8cdbb3ef485b930a61135783e5563e38871aad", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "4c204ed9f070a09413ac9cdfafee3c96c40d7acb5ddc1a47a2c8087be5a3de0e", "501730c672d6e4ae118ca3896b8e5194d93b6176e2354794a5cba3848ec04861", "538d16d5e0acff73a7fe5621ed827c49d0d92e712f46b56f64a8d977a810f73c", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "549e190f4c1135b14b95f83f1fa59a78182806bd2872d34a9fc2fce4e052b8e9", "566f1487a069b725998da642ab134ed5b1c55041247607d50c73593cb8da4df7", 
"568cd0d6f8bc08c5606cc7d9f0a2abf013dc50bc4888f229154c583a2668c6ec", "57a175e3e712e5e93461548df6e6f6cd9ff6dace28a3cbd57b93e560f5087ca6", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "5cd105cd370351f60bf7c1c2b3318d4d0544c45ee535aa5e645e81c49b2d81d0", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "618493b6703e8c1a07af6838c29a5368106d3ad4b07727035ca2f1ec23c1a1c9", "69405928a3640e5f33bbbe621586ccd43519e4999d554467a26a9d48b251766e", "6a6a47148b3c9a006cd7ff68670baba3569639e5ff1dd9d94ccb109fd108fc35", "6b2f77062eade18cbaaf125f2dec1a830b7296ce23fe2a7b26c2130440bc2839", "6be2d11dfbdebcdba431ed50913486da272fee87f2e6c2f3676a063e6b7b2253", "6c7e5adb8986f8f2974c455e0ab58e079aac53374ee21ca335a4c114489cb595", "6e7e9170fdbc9b41bf07d389a911b834db6226d17c2d26dc402769342a593286", "6f8ba0767f8e31770156dc6a73242ab122ea18f4c2dcf3f3ba00997a181675a4", "7444c19c4682d4434f58e317b3dce5fcdc7a24a30a6e8204e70bd16739862fc2", "74b3d93844e7c4798ddd4ec51180fbd2d67abfafffaa68d8fb257ccacdedffe4", "7748c79ad02e5cfb0f9bec8114f826f8921146ac487250fad852c7bc4e2b4908", "7817676156bfbe22795f7a6e7cd77448abba3d4b681de971847ace3711ed2d9a", "782644002292408f3188f7468be2bd3ab893fa07ce9c6100dd956cfc0b769df2", "7982bf114ded9c4d6e14042473be892bd703188e995ee262314cfa3a09e40151", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "81b12d94d4a8cc1b87f74f23900eddc1b18c0334aed1e481420df65620414cc7", "81b7f2e0a6eea31e6d66e626f528463e44fb29e7134a2bc833694609bbd3528a", "826c4f60fab26401c257acec7ba1326f1c35551335ee5523bda66626c861e695", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "87f9f9a857c151d8597508bd6125fa6141deecc172c6b717da0ccf4861efcb75", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "88f9d0c268ebe6e8905164d71a734e19adf15aa630be1571cdfb4f09d5a5c6c2", 
"8e01814ec0dee58b68a323e6a92c5153c19ec8b2cfa18b5c1c31751a8e5d405b", "8ef471250ef34d036d93d2fb0fa8095577a4032436b631d93df6aac94f32a4a8", "8f8fd9c5be1e8e2e73239ae4f14f64506f74638ddaea3d1c20b78f8917ad58e2", "939fee191ab17dff84bd1ae3043ce7f48f4cc836c21454115a9f885da3105db1", "9400b23fccc03b9d158fb390b439f365abe7a9fc4f2d5be1c270fc417d7e7688", "943c7d043d1b800f455db75111789e716736f47f630dd2424b24915c99a9db9a", "9626ad7886a219b1b3c70ced60268ea4e734996000cb0b3aa16b98347ba44b16", "998a41152681bc498b225cf98d1aa92c4812d00d5dd58e8b310a82be67779e59", "9a811c7f85a78bce0e33c06e7d3bc1ec2e71f34969ed32e29c2f52416048ffbf", "9b90c4d3e6309279527c03d1f275a93ea0bc9a755b35d8f7782e12a174cfe11b", "9be07f019ee4ea929fefa620df3c1b689c6d0df238740ae780898e341cdd5916", "9eef410a4b52ce4b70f990e6c5da7858517d3110a36a91d178a95982853174a2", "a3308227b3a441dfa8853ccd801eac885908d4c63aef2f446059d043118a6136", "a7e682a02a0ec17311af315deca5c8554704325a16fb498a465e9e37325256ab", "aa444c77b99a68b0f732c2e5dcbc46d8de0f943e8e1d9f3c7ef606b447980bc7", "aae93a6177a1172b3b4ef11cc4942b8c271606fe2204e93f3f59af783b6bfca8", "b4d137a3b4b00b0e1e3c3ec091ee1c07b8f89a696125f24283874e5ac519d36e", "b568f0204752e4fa452155960f6ee62cd60447ad004ef426ecea240ce759311f", "b9056fd7494a13c835bb7febd587189dfe49ee765c4f85978aae4d59bedfb7b8", "b97d429fafdba06abc680f8e72036a95328648a7b0bfc4a3cd860a7a90b1d708", "b98d9c6800dbc89e1452026b880bd1263357ae137ce7b7b87ece699f275219a8", "bc7c10bafc03329038b57913b9bfeab142b4b67a500d4bbda8adc238779b0b1a", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c70e4c34c248e50c900583803baecaa605add35dc50870a4e05c22e7122a3152", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "c7fa12f0c4f35ad95664b8c6c58fe7ddb46a667ba8be1cabb390325d69c049b1", "c8230c71ee1374378773dc7ccc394a50cb2f1acc3c757bead8c3705b33cc99d9", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845", "d2200cea79239615713403884e5bfcc0c5cb3900e029c199648af3c313fdd6b0", 
"d57ae183e75fea7d76577bcfbae1b41a7e32d70e96a203730c3783b26d16fae8", "d6ea937038acf2c87830aa1f440314b45e907b621b79c965e8a244adff767e05", "d81a7aa945dedba869f68d4f4842254b46e44ede4fad5378b7a77a090a06d3c7", "d81b627253fa0653648cef54d8a0a6885b209e74a016f4517513dafa976198c6", "d996e0eaa849c9b096d8c8dd2632d175ab2b896d9c7729f41edda33bfdd70d6e", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "de9850a4719db6984e72a6bd26fcf433662f6b4945bf85bae1f2d2b47fac73b3", "def9680d171a6a721f0faa5e32d2970ff2a4d0c0724b23396f99406ad56625b1", "df0e2fe05608fd50d8c2d6591e22cdf603c627af8fdc1e06d8945fc10e99da5a", "e10cc8e9fdb1de440f65e8cd655c57de8cc116f2d3da565ac225514dbac4ee22", "e10e21984be65b6911cdf6d70c5038237d1f07ca9fd5cd945486edd44b4843fe", "e1631ca8223564e66da2eefef64fce7e893593c37da5ad64f4d3fdfa58b27c6b", "e5085bbc2da4354dae91ebe542edf8e64a101d365fe5eb4a642294b8627ce7e0", "e58abf8399b1453f89f68db2d249f7ab65557fd57287e57626a8299fe4caba31", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "e9957600270292c38b1ba9c1874e883d6c7e362975e3467cc92597c968069752", "eae3353dc3cbc559e713734c089cc1a73a013ac71c887282cf210fc89fe567bf", "eb93642ab33dd0de587863a7aa25493741464d1c89ed8dc8f5b173772a0e301b", "ebb7f837d14a9a023d6b72e079d4b4486aa0f82ca6f8386573acc692602768ef", "eded3c3dcd2f4170387b7f59feda815120a14930d8056af6f98edb92967a3211", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f1e1b1c66dbbf2ffc8cbfa0b0b175e11058687e802eb7f384c2ef6c0b673b1d0", "f7296d76dabb33eea57698dbfd52f7a9a64e725f20e7e65fca820ab73a98abf8", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fba119fa17e5df8b6d874059db1e56ccfc57ceacf58029731701f323167046e9", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201", "fccfed84899f089d73f499a61f539f7069c65c6555637d7e634810a07395d1d2"], "iocs": {"domain": [{"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", 
"1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "schema[.]org"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", 
"3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", 
"593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "252[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", 
"c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "252[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", 
"f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "252[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "252[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", 
"22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "252[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", 
"43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "252[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", 
"86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "blo[.]pool-pay[.]com"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "api[.]sendspace[.]com"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", 
"8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "sso[.]godaddy[.]com"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "work[.]a-poster[.]info"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "host": "115[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", 
"5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "www[.]sendspace[.]com"}, {"hashes": ["1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "www[.]google[.]co[.]in"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "host": "www[.]sneakersnstuff[.]com"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "host": 
"www[.]net-a-porter[.]com"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "host": "iv0001-npxs01001-00[.]auth[.]np[.]ac[.]playstation[.]net"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "www[.]google[.]nl"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "host": "e6225[.]x[.]akamaiedge[.]net"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "host": "cacerts[.]digicert[.]com"}, {"hashes": ["1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", 
"2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "ip[.]pr-cy[.]hacklix[.]com"}, {"hashes": ["1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "119[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "www[.]google[.]com[.]ua"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "host": "www[.]google[.]de"}, {"hashes": ["43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "host": "www[.]footlocker[.]it"}, {"hashes": 
["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "www[.]off---white[.]com"}, {"hashes": ["4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "host": "117[.]151[.]167[.]12[.]in-addr[.]arpa"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "www[.]google[.]co[.]uk"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4"], "host": "doi[.]org"}, {"hashes": ["43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c"], "host": "www[.]luisaviaroma[.]com"}, {"hashes": ["351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "host": "lumtest[.]com"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "caliroots[.]com"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", 
"5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3"], "host": "gfixprice[.]space"}, {"hashes": ["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "www[.]ebay[.]com"}, {"hashes": ["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "ir[.]ebaystatic[.]com"}, {"hashes": ["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "i[.]ebayimg[.]com"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1"], "host": "www[.]google[.]ru"}, {"hashes": ["dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "www[.]google[.]se"}, {"hashes": ["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "signin[.]ebay[.]com"}, {"hashes": ["0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511"], "host": "greenpalace[.]top"}, {"hashes": ["43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "host": "registrierung[.]web[.]de"}, {"hashes": ["274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83"], "host": "c[.]paypal[.]com"}, {"hashes": ["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "srv[.]main[.]ebayrtm[.]com"}, {"hashes": 
["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "pulsar[.]ebay[.]com"}, {"hashes": ["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "secureir[.]ebaystatic[.]com"}, {"hashes": ["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "src[.]ebay-us[.]com"}, {"hashes": ["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "pages[.]ebay[.]com"}, {"hashes": ["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "ocsrest[.]ebay[.]com"}, {"hashes": ["5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "host": "rover[.]ebay[.]com"}], "file": [{"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", 
"839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", 
"dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "path": 
"%SystemRoot%\\SysWOW64\\"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "path": "%TEMP%\\.exe"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", 
"351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "path": "%System32%\\config\\systemprofile:.repos"}, {"hashes": ["1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", 
"86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "path": "%System32%\\.exe (copy)"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%SystemRoot%\\Logs\\CBS\\CBS.log"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%SystemRoot%\\rss"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%SystemRoot%\\rss\\csrss.exe"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", 
"235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%TEMP%\\csrss"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%TEMP%\\csrss\\patch.exe"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%TEMP%\\Symbols"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%TEMP%\\dbghelp.dll"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", 
"5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%TEMP%\\ntkrnlmp.exe"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%TEMP%\\osloader.exe"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%TEMP%\\symsrv.dll"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%TEMP%\\csrss\\DBG0.tmp"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", 
"c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%System32%\\Tasks\\ScheduledUpdate"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%System32%\\Tasks\\csrss"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%System32%\\drivers\\Winmon.sys"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%System32%\\drivers\\WinmonFS.sys"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "path": "%System32%\\drivers\\WinmonProcessMonitor.sys"}, {"hashes": ["2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", 
"f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb"], "path": "%TEMP%\\.exe"}, {"hashes": ["0d204a3dcd80cbbf3063bfa130f163a4281c56bab9a5017faf6307025b5c829d", "1c76b631dd54f736e8bf3c822ab85e167c91fa18f19b7f38cc57e0aa4cfb6511"], "path": "%APPDATA%\\indepoped"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2"], "path": "%TEMP%\\csrss\\app.exe"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "path": "%ProgramFiles(x86)%\\dfinam"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426"], "path": "%System32%\\tvlemvm\\jfxxujiw.exe (copy)"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132"], "path": "%System32%\\ufqeet\\enhmedyu.exe (copy)"}, {"hashes": ["4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4"], "path": "%System32%\\ezuuvld\\yyzkfgem.exe (copy)"}, {"hashes": ["dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269"], "path": "%System32%\\ngdqilz\\tyidxjgi.exe (copy)"}], "ip": [{"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", 
"7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", 
"c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "172[.]217[.]6[.]196"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", 
"fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "43[.]231[.]4[.]7"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "69[.]55[.]5[.]252"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", 
"2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "85[.]114[.]134[.]88"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", 
"4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "217[.]172[.]179[.]54"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", 
"8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "5[.]9[.]72[.]48"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", 
"e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "130[.]0[.]232[.]208"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "144[.]76[.]108[.]82"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", 
"1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "185[.]253[.]217[.]20"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", 
"3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "45[.]90[.]34[.]87"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", 
"7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "157[.]240[.]18[.]174"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", 
"ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "173[.]194[.]208[.]104/31"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "144[.]76[.]173[.]210"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", 
"4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb"], "ip": "157[.]240[.]2[.]174"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", 
"fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "216[.]239[.]34[.]21"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "173[.]194[.]208[.]147"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", 
"839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "173[.]194[.]208[.]99"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "173[.]194[.]208[.]103"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", 
"4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "69[.]31[.]136[.]5"}, {"hashes": ["1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb"], "ip": "104[.]47[.]53[.]36"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", 
"4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb"], "ip": "173[.]194[.]208[.]106"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "104[.]106[.]246[.]61"}, {"hashes": ["0b67b0e1db50d203f458f42f4564938373d27d272ac48156e7741429a84ea955", "0c28dccb21e275b37e66b53a2738690c78c7649fe73c3f4e9878ba1b24b90a17", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "1a5dd163ad9bac6381fd91d792469ddf47190a7e7c521add6a0c701fb61d6ae4", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "27cb6c16f047e0f99186b7d1abbda4d89929559a51ee97d0a9efa329d4592100", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "7982bf114ded9c4d6e14042473be892bd703188e995ee262314cfa3a09e40151", 
"bc7c10bafc03329038b57913b9bfeab142b4b67a500d4bbda8adc238779b0b1a", "f7296d76dabb33eea57698dbfd52f7a9a64e725f20e7e65fca820ab73a98abf8"], "ip": "204[.]79[.]197[.]200"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "ip": "12[.]167[.]151[.]115"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "37[.]1[.]217[.]172"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", 
"8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "ip": "104[.]109[.]65[.]121"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "142[.]250[.]64[.]67"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "34[.]98[.]127[.]226"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", 
"351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "216[.]146[.]43[.]71"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "ip": "216[.]239[.]38[.]21"}, {"hashes": ["1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", 
"fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "40[.]76[.]4[.]15"}, {"hashes": ["1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "173[.]194[.]175[.]94"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "ip": "104[.]107[.]31[.]230"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "ip": "172[.]217[.]197[.]94/31"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", 
"839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "ip": "176[.]58[.]123[.]25"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "ip": "173[.]194[.]66[.]94"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "173[.]194[.]207[.]94"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "ip": "204[.]79[.]197[.]219"}, {"hashes": ["22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "ip": "23[.]5[.]227[.]69"}, {"hashes": 
["1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "163[.]172[.]32[.]74"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "ip": "104[.]106[.]170[.]161"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "142[.]250[.]64[.]99"}, {"hashes": ["1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac"], "ip": "66[.]171[.]248[.]178"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", 
"8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6"], "ip": "104[.]28[.]8[.]113"}, {"hashes": ["274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "ip": "104[.]18[.]128[.]12"}, {"hashes": ["274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "172[.]67[.]208[.]45"}, {"hashes": ["351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2"], "ip": "136[.]144[.]56[.]255"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "ip": "2[.]23[.]108[.]203"}], "mutex": [{"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], 
"name": "Global\\SetupLog"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "name": "Global\\WdsSetupLogInit"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "name": "Global\\h48yorbq6rm87zot"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "name": "Global\\Mp6c3Ygukx29GbDk"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "name": "Global\\ewzy5hgt3x5sof4v"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", 
"235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "name": "Global\\xmrigMUTEX31337"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "name": "WininetConnectionMutex"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "name": "Global\\a00ba776735f6e27e0619d46a07be9d3"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "name": "a00ba776735f6e27e0619d46a07be9d3"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", 
"5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "name": "983379e5eacf56a55f44720792d81bc2"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "name": "Global\\983379e5eacf56a55f44720792d81bc2"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "NMOZAQcxzER"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "NNDRIOZ8933"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "NattyNarwhal"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "NeoNetPlasma"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "NetRegistry"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "OneiricOcelot"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "OnlineShopFinder"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "P79zA00FfF3"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "PCV5ATULCN"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "PJOQT7WD1SAOM"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "PSHZ73VLLOAFB"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": 
"RaspberryManualViewer"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "RouteMatrix"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "SSDOptimizerV13"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "StreamCoder1.0"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "Tropic819331"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "UEFIConfig"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "UtopicUnicorn"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "VHO9AZB7HDK0WAZMM"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "VRK1AlIXBJDA5U3A"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "VirtualDesktopKeeper"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "VirtualPrinterDriver"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "VividVervet"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "WinDuplicity"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "WireDefender"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "bitcoreguard"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "sqlcasheddbm"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "wwallmutex"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "CDNetStreamer2.r05"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "QOSUser2.r10"}, {"hashes": 
["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "JerkPatrol"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "LenovoSuite"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "NeonRhythmbox"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "PrecisePangolin"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "VirginPoint"}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": ""}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": ""}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": ""}, {"hashes": ["280e6ff50667190b051ff91d5836cbaa430628fb8e8de2fbc9157bd47439a816"], "name": "593-c2fb-4734-84f8-5847c460f1d9"}], "registry": [{"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", 
"86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "Type"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", 
"ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "Start"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "ErrorControl"}, {"hashes": 
["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "DisplayName"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", 
"351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "WOW64"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", 
"5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "ObjectName"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", 
"86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "Description"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", 
"ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": null}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", 
"1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "22b2ddca1597c8f420d624bf894d505f2acbddad48417e10d3acf09e3bbce132", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", "43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "593f225f2343f40613f825e28fc6891612cdbf6421480b04ae1c4e586a233b2a", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "8628540e0bc983ec42204ece66a6d1be4fc1dd820d72b23b2a3c8aeb114fa9e2", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c10cc9ee4737710539f4534fa4a704aa13ff8ecb62bc3a219e752fe7c9f70e8a", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb", "fcb72d33febe50e5ca472cec8f033f5e3ac4c9b4a02f9c2736c4d30430416201"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["13b9aaafab8d031b804d078479e553f43bb277386c681ad5364ef9d59d2e4426", "1b6c9b7af48b1657f0c2c5af418bd17d2df88619d10829493fe0597eea59a3b1", "274c361fd9334c84a4ec51972eb13df63411492562524e48f412c9438d1a20dc", "2cc105b6c59b4f62735ad57a657b22436920cb4f2c90804f17f73e7ca1bc37ab", "351069dcbc1197e208c2f21e7568d2922338fed357730c70296f34179f9bfd83", "3e957bb9eeacb007a037b5c293fa66ba2c3abf8bc08738166489fa2c3f42a583", 
"43a30deabaf3555596ad27c3127c94f46aee4b69acc06386b5c59e4946eb3ae6", "4a27937c3b6d82917b8ac3d46331ab5ecb503ae2ae3cc0d11b8ed4a48ad01d7f", "4b0bee65095791fc4f971d6d6420e2fd8cada502a4306867ccdd518462762dc4", "5390d30c96da9ada9c7acfb870b7db6ee57b102c7d5cb68d9605ed99e7310bf8", "7f24c1c59c4ea9922e88ae275332e87cd42bbe89036be6990296ed5795ad6e7c", "839c2a5901ba0e5d54f50918d4cd52c03564384de90ee8ab4b5def0f94a382e5", "86db9e9e920276b4c3df0e3043a34fc75be346f0a3a8ae3440f3a4fd5cd164f6", "c7a37603f36aa2d10c262210509c52ad5fe4fb26c06249bab63121496fd98112", "dbb4903937ecda2fcb980baf167da5d1f0d9f3bc1bb052af65f1a30c90f8a269", "e9517e5b2b3cf6b818bb6ba0ebe791dc47e5ee12451bdf2ca622c911d4e99cac", "ee0af2687511f0a5d25b06d59c80ebf673533c794857a2878c4268f8ab6bc0d2", "f8959ea32dd721657de2239c5d405df921c9501296c9f5e37a5125979a5cefdb"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "ImagePath"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\TRUSTEDINSTALLER", "value_name": "Start"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\TRUSTEDINSTALLER", "value_name": "Type"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", 
"235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\TRUSTEDINSTALLER", "value_name": "ErrorControl"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\TRUSTEDINSTALLER", "value_name": "DisplayName"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\TRUSTEDINSTALLER", "value_name": "DependOnService"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\TRUSTEDINSTALLER", "value_name": "DependOnGroup"}, {"hashes": 
["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\rss"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Users\\Administrator\\AppData\\Local\\Temp\\csrss"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\windefender.exe"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", 
"c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Users\\Administrator\\AppData\\Local\\Temp\\wup"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PROCESSES", "value_name": "csrss.exe"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PROCESSES", "value_name": "windefender.exe"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", 
"5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\System32\\drivers"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SECURITY\\POLICY\\ACCOUNTS\\S-1-5-32-544\\PRIVILGS", "value_name": ""}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Users\\Administrator\\AppData\\Roaming\\d12c99f7af77\\d12c99f7af77"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PROCESSES", "value_name": "d12c99f7af77.exe"}, {"hashes": 
["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "DistributorID"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CampaignID"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SB"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PatchTime"}, {"hashes": 
["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "PGDSE"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": null}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Firewall"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Defender"}, {"hashes": 
["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "FirstInstallDate"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServiceVersion"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "SC"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "VC"}, {"hashes": 
["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "ServersVersion"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSCaption"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "OSArchitecture"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "IsAdmin"}, {"hashes": 
["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "AV"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CPU"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "GPU"}, {"hashes": ["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "Servers"}, {"hashes": 
["19e97313de65543b319eb1e33017838a21f612433313b7a8fb1f9e55b33bcb4c", "235e0ab0483a7a3f6cb4301f18f359517e12120e1acfd19cd814252cde5733d2", "4bf5bfc12f933592bab637fb825fa72b2cb0776a335eb58277b0da6516b6903e", "5ff0f54021bc0f323966b4cc5096f165f567b16160acf1cd2ec910607ea2a566", "88eda80430871b914abd7729a2a43ce5a096f38af9077ec4dbfbef6e736b0ae3", "c9117b3b386e2ccfc877b89b3119d36258a89ddc1979decaef09e4f305107845"], "key": "\\SOFTWARE\\MICROSOFT\\A1890984", "value_name": "CDN"}]}, "reports_count": 80}, "Win.Packed.Dridex-9776370-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", 
"5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "memory-execute-readwrite", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", 
"4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "modified-executable", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": 
"antivirus-service-flagged-artifact", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", 
"44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", 
"2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-section-execute-writable", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", 
"4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-fast-flux-domain", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", 
"29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", 
"4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", 
"0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", 
"50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", 
"00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], 
"mitre_attack_tags": []}, {"bi": "feed-domain-banking", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", 
"44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", 
"2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", 
"4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "artifact-windows-task", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", 
"29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "registry-autorun-key-modified", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", 
"5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "potential-registry-persistence", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", 
"0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", 
"50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "pe-tls-callback", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", 
"00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "sample-pe-modified-on-disk", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], 
"mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "malware-compound-cta-activity", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "task-manager-disabled", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", 
"44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0005", "T1499"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", 
"2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "windows-os-reboot-detected", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", 
"4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-header-timestamp-null", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", 
"29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "sample-modified-deleted", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", 
"4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "malware-dridex-detected", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", 
"56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "url-pastebin-service", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", 
"5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0011", "T1102"]}, {"bi": "possible-dga-communication", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", 
"0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0011", "TA0005", "T1483"]}, {"bi": "hook-installed", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "imports-IsDebuggerPresent", "hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", 
"44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-vm", "hashes": ["1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451"], "mitre_attack_tags": ["TA0005", "T1497"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Dridex is a well-known banking trojan that aims to steal credentials and other sensitive information from an infected machine.", "hashes": 
["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48", "63f27ec99b518c2542ee4906b285bcf19349b4507ea9a70db9a565b5c89f3352", "654534aa096c29f84c42905d3574ed521dd4b1be56629c37818baf8d8a2cd68f", "70597218e42e473ecf61be72eb76ec5a85a905d12dc32cccc53ccd0aa4a5c7ab", "70d4cad80298440d3f0f7b623cd160bc47ee5a053981c563bd7762a5e6129af7", 
"71e130db49fba9e86a6ecf34a22cd4e9fa3ce09229f0ed9f66349632c3b6f7c0", "7915892964b06cb056f16c00293d96fcaf50e58488d6becd37b4998549d408fc", "795b323de2f1ca2fde89169f014618a4ee0e48b5fd7056fd566638a0e32a976b", "7f833bab264d13a9ece8ac3dea92e16d6513fea5175b7861654e9ca7d89a231b", "81520acd2f884dac70edab66de74381a7d630b70e6d51449bdedc1920bee6f4d", "82dac8f15e7c72f1b164d7a9dbf46375e2657da6e14837935d319ebe1ce8f43b", "8638154dfd4a8a04c9f4ff8b95e444d2ffa6a6ab0084849c8fb48611b94b761e", "864c62621040668375ca2ec3925f40bb23fd7de53699830c4ff79cab02d96ebd", "8bdfdea5e3044d768c17b89e6cb108533fd2bab1a157ab157bfbbe15b39f0e83", "9209a58b90181a409cfb823dff4fd49f9b2b7e254b1ed45af7f0c3e9244b0d20", "9371f3afbff3213b546fd844b0dee46f75ec80e83a3815b81161530df877be9e", "98ea470dbfa69d90ac1343208542fa982f856fcdb813b65efdbe573271c8a9dc", "9fbad94ddd8e78f2d555d3a5b4f2152ba864093eaa2ec958da7cc330d88b7d25", "a3c50eb9c3c236777f885f174987c203c7a5c49c857cd7bc96e19ff075803a9d", "a549504838555cdc3b80d2a1f377661fdc43dc2f74fd04e50ec2dcc0031b1759", "a713dfecf1daa7c58180fda5fddb087a8a2fbf20453c0f8c25d93ddac2d54ac4", "a7fa09854c1fd2284c7ebc2f0b262e415d84710a1e891a04547b6773cda8a551", "a84d4b7d7c8c5242ac564f66f9b12e71f783fe79451a01a1229d9acc85eb128f", "ad08fa99b40fa763b1a35c060600bdcb56d9159e701c8f2dcdc6c4f3574677a8", "b1f567033628accdfb6cb4c3e1ddbd391d0040f45b5524a3f84787a121e432bd", "b67763197af267ab46596533538b2966ce3b47430fbf463b0801084285c8f7f9", "b7c12a90fb90586338399ab21788009f8183f73d6f736e5663de20d153f91f0e", "b83033dafa35d124276550629fe5979382e8e30a3315eb10d37398c079e88c81", "bca3953aeab5cdc5e3c94b3db9c2005704d83ba7dd4dafa4ba8230bccae254be", "c4cfb4676971af39a5accc021aa696ed817104d0b11b50e6e0183f2a5e2272e9", "c9ef6e291ffb9fce3fb3284364cbec219557e9a44ec2f8c9e6f17458e3419905", "cd1fd4d64e826ed8871cf9fd5241f06dc7985a3949987b3672ecaf077f33e010", "cf77d3aad07dd59d4d52c492bb91cd30f397257828b342dd07cf68c4562fd5d9", "d11e39f4fa9db09e2369a58099bfaf717ec2f69fb2bd72a4de715753dd4eb0e4", 
"d3d842812f22530db46ccce45e7892cfac3e9b2e66c8179974a70cb71c6e0772", "d51ca97a7cb0c2f713ec1611e4426b1a95fa7f2a5d4872a340b625e66ce4721c", "da44858728b8bfa97d7fe2a3bd0bb8be3a0c8808e37fe8d46eb8bdbd736156a8", "dd6fb5532fe1fb9558e6999b4011004b364ec75d6f8723bd8f56ad39a7ce8a1a", "e5f2055ac377f1bfad70739a1820a7b62a087e7fb4b4acb56c8bb750ae081fa5", "e68f35ac9652331c0a5bd066ac2466601f1c6b30024b0eebe9ef656e399df236", "e900112fb8cf5dd7426e55df31eeb9a80bba99864092ed5abae00166d043c580", "e957d5a6a8c521093eb1aa3332d2769fc4603160f03ac083547b7fdd063b0956", "e9660968662c7775a72e7651912f8786cc0e3ae320f78c7c807c331365526b1c", "ec3dbe41d0143ca13e817b6a409d963b043944e3d6996214920e75effd225f66", "edec64ade8410956f8153906300aeb76669ecfb468c23d91b753419736f650f4", "f024ab5bb39df99027ac50545c592af795379ff0a6fe381e46dd8de5bf86952d", "f5908d07ca319498977c5ddeaf18293470a75f8e74e1787b83b89227e1398a35", "f83514a143fbdad8fdd5910d1f707d43c24feab8e75dcabfe2ee56f212b8bd0b", "f9ece2cbdefd27f60f8dc4abe26f33583ac61367ff2617a7030742c248448e73", "fb0fe476339d4518383154bbeb9a8677d6668bd3206d3910b356119e43846cd8", "fd1ab723e0082e379a8c56e93b9118ec11a6dd9f15fa3c337b06c090d598240d"], "iocs": {"domain": [{"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", 
"3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "host": "pastebin[.]com"}, {"hashes": ["088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", 
"408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00"], "host": "cs11[.]wpc[.]v0cdn[.]net"}, {"hashes": ["1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "host": "www[.]dwir95r7lx[.]com"}, {"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "host": "www[.]nebzvmv0km[.]com"}, {"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "host": "www[.]at0gjuf9f9[.]com"}, {"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "host": "www[.]a4v8cngiue[.]com"}, {"hashes": ["44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d"], "host": "www[.]s3zcpvwy40[.]com"}, {"hashes": ["44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d"], "host": "www[.]yuoravluek[.]com"}, {"hashes": ["4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c"], "host": "www[.]2otoezi8ft[.]com"}, {"hashes": ["44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d"], "host": "www[.]r10dvot7bi[.]com"}, {"hashes": ["4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c"], "host": "www[.]kxs2x93bos[.]com"}, {"hashes": ["44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d"], "host": "www[.]0brofwnnbx[.]com"}, {"hashes": 
["4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c"], "host": "www[.]6axcgvzeuc[.]com"}, {"hashes": ["44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d"], "host": "www[.]5470ezrlqr[.]com"}, {"hashes": ["4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c"], "host": "www[.]4rge2mddbz[.]com"}, {"hashes": ["44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d"], "host": "www[.]etdcdbn9si[.]com"}, {"hashes": ["4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c"], "host": "www[.]kevogqdyyt[.]com"}, {"hashes": ["4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c"], "host": "www[.]o3ivqjfjjj[.]com"}, {"hashes": ["4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c"], "host": "www[.]qntrvj4imw[.]com"}, {"hashes": ["489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575"], "host": "www[.]fm2urnafdp[.]com"}, {"hashes": ["56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5"], "host": "www[.]tv27wsrp7o[.]com"}, {"hashes": ["56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5"], "host": "www[.]pcxhgigv3j[.]com"}, {"hashes": ["56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5"], "host": "www[.]lluc8zkkv3[.]com"}, {"hashes": ["56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5"], "host": "www[.]hmnmqhwz2a[.]com"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "host": "www[.]ufk6gerd4p[.]com"}, {"hashes": ["56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5"], "host": "www[.]zld3uatbgr[.]com"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "host": "www[.]ktuciyyvuj[.]com"}, {"hashes": ["56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5"], "host": "www[.]wm91d1drrh[.]com"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "host": "www[.]qufmf4mcua[.]com"}, {"hashes": 
["56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5"], "host": "www[.]kj46zku9xy[.]com"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "host": "www[.]sojhig7onz[.]com"}, {"hashes": ["56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5"], "host": "www[.]5lc2utgnwh[.]com"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "host": "www[.]cmszaaayog[.]com"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "host": "www[.]jkjtg4tluf[.]com"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "host": "www[.]o3gbvopqxb[.]com"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "host": "www[.]ox7ajjdpt3[.]com"}, {"hashes": ["5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "host": "www[.]9pyho3q235[.]com"}, {"hashes": ["5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "host": "www[.]a1emxuaqrs[.]com"}, {"hashes": ["5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "host": "www[.]07jlsubf9n[.]com"}, {"hashes": ["5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "host": "www[.]ubbiovkqs7[.]com"}, {"hashes": ["5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "host": "www[.]ztuadvg3gq[.]com"}, {"hashes": ["5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "host": "www[.]m6hweureci[.]com"}, {"hashes": ["5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add"], "host": "www[.]yczjpjaxp8[.]com"}, {"hashes": ["5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "host": "www[.]ehiibjrrpq[.]com"}, {"hashes": ["5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "host": "www[.]4zyjpdm6at[.]com"}, {"hashes": ["5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "host": "www[.]ww397uolt6[.]com"}, {"hashes": 
["6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "host": "www[.]7yvymussjl[.]com"}, {"hashes": ["6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "host": "www[.]os2poa0dzc[.]com"}], "file": [{"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "path": "%TEMP%\\.tmp"}, {"hashes": 
["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "path": "\\old_ (copy)"}], "ip": [{"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", 
"0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "ip": "172[.]217[.]10[.]110"}, {"hashes": ["0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", 
"4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "ip": "104[.]23[.]99[.]190"}, {"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40"], "ip": "104[.]23[.]98[.]190"}, {"hashes": ["0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "ip": 
"173[.]194[.]204[.]138/31"}, {"hashes": ["0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "ip": "173[.]194[.]204[.]100/31"}, {"hashes": ["088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "ip": "23[.]3[.]13[.]154"}, {"hashes": ["088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "ip": "173[.]194[.]204[.]113"}, {"hashes": ["4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788"], "ip": "23[.]3[.]13[.]88"}, {"hashes": ["0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889"], "ip": "216[.]218[.]206[.]69"}, {"hashes": ["4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00"], "ip": "172[.]217[.]197[.]101"}, {"hashes": 
["44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d"], "ip": "173[.]194[.]204[.]102"}, {"hashes": ["4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00"], "ip": "173[.]194[.]207[.]105"}, {"hashes": ["4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00"], "ip": "172[.]217[.]197[.]94/31"}], "mutex": [{"hashes": ["408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf"], "name": "qv0Zk1TE8z"}, {"hashes": ["50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40"], "name": "3geEzUvDSm"}, {"hashes": ["50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40"], "name": "9PuVjsTunk"}, {"hashes": ["50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40"], "name": "AExohw6chU"}, {"hashes": ["50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40"], "name": "LqkiDOOuVm"}, {"hashes": ["50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40"], "name": "QpsrvsMXav"}, {"hashes": ["50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40"], "name": "Rru9sFPNk2"}, {"hashes": ["50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40"], "name": "em1kia7UgL"}, {"hashes": ["50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40"], "name": "zVxwpac899"}, {"hashes": ["5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add"], "name": "0OUWBUr4FV"}, {"hashes": ["5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add"], "name": "TWL8Zg664j"}, {"hashes": ["5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add"], "name": "bEaUTx9TPq"}, {"hashes": ["5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add"], "name": "c2vGxebf2w"}, {"hashes": ["5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add"], "name": "uVNJh8qi6y"}, {"hashes": ["5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add"], "name": "veVGARYxef"}, {"hashes": ["5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add"], "name": 
"w6e8Pm37vO"}, {"hashes": ["5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add"], "name": "wqKR9CoJfz"}, {"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189"], "name": "PE1Wguwh6v"}, {"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189"], "name": "1Eb8vVOmiF"}, {"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189"], "name": "q7HPx7p5v4"}, {"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189"], "name": "IctUkwdmMV"}, {"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189"], "name": "g0UFoyNGe6"}, {"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189"], "name": "hbE0gPMgbJ"}, {"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189"], "name": "vUVAWD5xtc"}, {"hashes": ["1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451"], "name": "02H0oP1Yd3"}, {"hashes": ["1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451"], "name": "cHqf289ogH"}, {"hashes": ["1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451"], "name": "pDmxVfDiI2"}, {"hashes": ["1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451"], "name": "aSLTMPDWQx"}, {"hashes": ["1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451"], "name": "XXDqDE6VMA"}, {"hashes": ["29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6"], "name": "27jIwV2HCN"}, {"hashes": ["29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6"], "name": "uPIy7zpPey"}, {"hashes": ["29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6"], "name": "hDSNjDsc1q"}, {"hashes": ["29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6"], "name": "jqcMVL9lMv"}, {"hashes": ["29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6"], "name": "sMpBK02CHA"}, {"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "name": "DME5w3i1nG"}, 
{"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "name": "AQJ2HFqexi"}, {"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "name": "GUzEsrb1uc"}, {"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "name": "bYmtT2UoR7"}, {"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "name": "kzuBn5Y5T0"}, {"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "name": "gkIiH9HBIK"}, {"hashes": ["3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a"], "name": "8iCXhD6mvD"}, {"hashes": ["0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b"], "name": "cQ4XhM8x0x"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "name": "BHP7D4qJ2r"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "name": "DObFbfNIKQ"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "name": "oLxFRw7aIH"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "name": "Jiv9Owd82g"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "name": "R5KYEJ0lqB"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "name": "W3q4YNO4bf"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "name": "ZsLm85E6Eu"}, {"hashes": ["5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442"], "name": "W0U6Pnewu4"}], "registry": [{"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", 
"1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "trkcore"}, {"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", 
"2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", "376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "DisableTaskMgr"}, {"hashes": ["001b67330a3a39977ad6e2bfd60dd0420f467948f632d0086b965e7cb0aad189", "00f7e8018adc3a72debe7426b551a0c7e60f55563090c714cf70033011e34371", "088a6c8608f43ca29d92c420bd2c2827f743f09b4a96587cfdeb9ebde63f78a7", "0bbc8f3445755822102b1f5df2307ee1105cdf88bcc34806ff33d028822c3889", "0f3fb51d48c0bb09d54452c28ca4d3a46f3607daf9dbcc2db0da7b3422147f5b", "15524d542e9913e716db2b93a930ba2fbd8b72e42cceb66b8cd21623b20cc2bd", "1a8bf1123a93a97ce01d01ebde971db5d0f8df7236aac3976e98828eb6fc9451", "29664c67c00d75eba029684967df7437eb7b47e73709c98a7490a7047f04e4a6", "2e4e6f8dde0f6421d3282b9d4cbbd85e188be8f4af5fe99f98b04cbde16565da", "3018e4ee9008cebda5a9b3ddab088796eceb21d5c08edc33a90ce0fbfd97e34a", 
"376a9e0d9d381f1bd3ba826cea641fab2f48292e997938e71f96dc0533b25492", "3e7c3ae58cea13778a5848539fb502b4d508858176b3978c7c01c78bd9fb4002", "408d06d0159fefb4bb39e8f4073a7a08192c9a1956f45ba82bbaf79366772cdf", "44ff9dca7883258e206d52859ac7cb314ae208efb645e626010993fe8723722d", "489bddd788d5a361ad3cad279dc739320dec8fa175e2e44590681d8793edd575", "4cdf508b6de5bc22decf0ad3ce710f5136a7c99583af67b18593d19ddf3db22c", "4d44e86d2ee7599f90d01da6f336f2cb743471e70af9a523972cfd08df466130", "4d6456c480a372d6c054690ffb23e921b5fe44a0b552307e34edbd31f2eeb645", "4fa9f09b42eca4b5b80434c705569de9923da74a524cb5b5fd44dbd954202a00", "50a877f11021b43c6988199e0751302e310d48ba0798fe8c1583a3591021ac40", "5381ae7e22ddd84f61eb38fdaf3197a734c6eb2625862d2dc6697fab40936442", "56924db7d3f39a229b6d6bdcf0d1fc3f83ccea863e7f0a06126cead76a61ebb5", "5b287c60ff17d5c080d9b5922f630455f0a3b2a48cb451ca9f0959b67ab57add", "5b2afb6d15b94d38ac55e3671023faa66392379f67e673259c168b82d650e788", "6112acd6d997db13e0ead13e6a9805880aac44926554162b3b3ea904da53ce48"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.CHECK.0", "value_name": "CheckSetting"}]}, "reports_count": 25}, "Win.Packed.Gh0stRAT-9776529-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", 
"1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", 
"7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", 
"0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", 
"397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", 
"536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", 
"95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-snort-protocol", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", 
"8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": []}, {"bi": "localhost-ipaddress-detected", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", 
"5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": []}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", 
"18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": []}, {"bi": "pe-dos-header-pages", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", 
"1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-dos-header-relocations", "hashes": ["4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. 
Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.", "hashes": ["086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", 
"95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33", "96aac15b3bce1cb809ff8bf536d88d0ab776e8eabfc969d7647b4e349751ca26", "991ee5ada2159593b30c042d756bf1dad1ca88b291aadb1c288046e1a80dab48", "9a8bdcc1abd438987b57e89c3ce65f6f44bf4ac36adbc0b57acb88bbbbaced72", "a02c2f03bac4a1faf5f9d6abd54f76a259b74dbe7f6f27f9847601fb0d9fee0f", "a435a47488c7e94d3492ec05ffd2fe6cfbbad4f077627cec6a971c21a8c21070", "a4f2f56718cc80636a631a20feb3fa2c07bf136d2b0d5fe3afaec4adf84c1c84", "a66e12802f3963aa9b0b1dde5db32ee89bccfe2b28ce52cf3516f3a933d4c135", "ab149a779b7013803dccf904c703cd20878e3b77bca45040ad87d69d6fc3de69", "adee6142c47cc9c6bbedb255b8ad55cf76608da22564639a44aab242ff0442cf", "ae5fa7f6f400f495e720af8c95ed7df7eca19df877fa942f5b7db2f85e50e19f", "b345e05b4e1e654da0863734c5438b42a4d2cbf7324a1ee505bf92f874b341c7", "b98c51b369cee537e9fdf85b4140cb2058cc2f5f4749515ded181bebfb064fd8", "bfa99b04249903137cb39f43c1ca8296666914b4206d594d7b33157a7d526826", "c45956cfde55590e1009b5facaaf89b31d8b4d1365f4843984dcb0a10875f3bc", "c8ecdb93c369ba8130d132203d76c9da383f7773694ab7990112fd501db74bfd", "ce8d2b8759a086f463a3252ce19baa18473fb33aa2baa4b43d106e1b233b6710", "dc6b71be9ccae43ab7bea69d397773cf14ab68b952954cafbd501699a253d90e", "de6cd020f6b1a4cc42f1b6c135ea181dc14a47f7747c3e2d895ffb65c63450e4", "ea0844f6a1e7990b6b1548a0ffa349dd27d858fa0a120efb0cfeccbd924ed689", "f07bebd3447db09c7ee7076d7e36b9403a21124af44e29f76594efa36be03ce0", "f07e117bcbc5c2ce5c9a0fc39445bee047f58e4fae0aebbdf662b8663bb73825", "f0eeef501e0a3ad3fe2e6646f51c65c25514fcf2c02fb21ea9d356198b2cdf52", "f41cf8aca0a957b2bff50f8977d2f611263a2811923eb96f6a39c66c5359b619", "fa850dedbfffcba8d3d811e09da6e331ce853e81cf75b4ff25e379f782de7e73", "fb6db153fe0886d5284ac278b5187d8460a6d385f4ba748de1b8cdc288716037", "fcda7c97604ec28fda32145777a9ee1f3de976e32904039978c8309c17dbff8e"], "iocs": {"domain": [{"hashes": ["086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", 
"0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "host": "xmrminer[.]f3322[.]net"}], "file": [], "ip": [{"hashes": ["7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "ip": "122[.]114[.]28[.]118"}], "mutex": [{"hashes": 
["086a43e783b6301d5758f43bce59a71908c7beb9f31afd3c88bde7d89081db6b", "0b69637677363f8765ef59d4073f10c19db3e6eda763fee1a4680bc61a5a5945", "18d500db9d5d870bbca3ed50670ad6e259003592dc61ce372d7626b6acf5989f", "1e3b12941b0f169ad30bc307350172e2c3b346541e379bc8a1c98e0aa625f0ba", "1eb49a10b3992a8d7a95108f6e48e0ca482aebe5f56e5ad436b87c4c3e4e13ee", "210377d50800161c63db7068f7224b7f7e18d3fd739d15a1b77f2bef091adc79", "24911cabb1d9b217f00e6dafdb6607c6c01c073f2f6e23605ff5fc8f2a44ccea", "32bb54dba512c34638c104e41ceeac1083ec83d5958616775e7fc9009f8abfba", "397e9cbb36cb663e3117e3f577773d377df712ab208178c8e35c84a9a91da4fb", "3b3e40373cc7c1235a262683ac539c8f6efc902a6765d2fe8694c9e60dd46e1b", "41125961b0048ffe6b29b121148deddd19f2f58887c64281422fef29ac1a3786", "424198f8dc6074042785e70a152dac8473bf6dafe9db158f8b94c444293cb55e", "4f723ee7efd7fae98d2d60de1265e387b436caf68cb2791b970c4a9ac1356c6b", "536afb2611a0363bbb675e6f32657e7db6dd05fad13b5dc066c9c427c2066a60", "54613784248cdfe8f41caddc0888270f2dbfcde9b1f666689d7bc50fa803975c", "5760976203c3ad7df17d2cc47c117cecd665662307c7a6085b7243ce769c101f", "5d478008dcf53e99a5ab7d795ccbb60943fc17510d8e3bb7416701e026590e20", "602fcadc6cbfd5ab1504bb17e29dab6ad4b00c0afd0b2e1e0207f44e79fadb2d", "73b6ce9667f67bb47f49ed5e21e9456fffab34d5cc457c9c83eba0fba23019c8", "7c7ccb06b03ceecc340775c5171401b4ec8a28e43b30149536a2f7236079c4fe", "7c95ba9702aee8994f1984ea219ff662f01d5cf6da61ffaef451d944f6aa9fe3", "8c19a55d2fd21ea8fb21e6e3bb9954e82fc90f052bb8f4537b939c07e57293d3", "8cad83a9d756c65c308f46753fed9e2214a139d93070ba82ddc367bb61dba887", "9131e51ffc8308856fd17b203819d0f06361fb3e91e145de8c00a3d9a807dd25", "95a60431f9aa43ed178df4a2f1b2ffb4a5768ca86d990cb02b5a622583d9eb33"], "name": "xmrminer.f3322.net"}], "registry": []}, "reports_count": 25}, "Win.Packed.Razy-9775377-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", 
"255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", 
"573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "hook-installed", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004", "T1056", "T1179"]}, {"bi": "pe-tls-callback", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", 
"7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-header-timestamp-prior", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", 
"573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "pe-section-shared", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "pe-encrypted-section", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", 
"255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "cta-static-analyzer-malicious", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", 
"16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "modified-file-in-user-dir", "hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", 
"4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "firefox-password-manager-local-database-access", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": "enumeration-browser-information", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119", "T1217"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", 
"4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": ["5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "file-ini-read", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1"], "mitre_attack_tags": []}, {"bi": "windows-vault-api", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1"], "mitre_attack_tags": ["TA0006", "T1003"]}, {"bi": 
"feed-domain-antivirus-service", "hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1", 
"573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571"], "mitre_attack_tags": ["TA0005", "T1107"]}, {"bi": "feed-domain-rat", "hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "files-created-vbs", "hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", 
"bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "startup-folder-vbs-file", "hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "process-check-ucbrowser", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-generic-infostealer", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1"], "mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "T1083", "T1081", "T1005", "T1119"]}, {"bi": "created-executable-in-user-dir", "hashes": ["5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "mitre_attack_tags": []}, {"bi": "malware-nanocore-artifact-detected", "hashes": 
["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "mitre_attack_tags": ["TA0007", "T1082", "T1016"]}, {"bi": "unsigned-roaming-execution", "hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0011", "T1008"]}, {"bi": "process-long-cmdline", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", 
"505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "file-alternate-data-stream-modification", "hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "mitre_attack_tags": ["TA0005"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "mitre_attack_tags": ["TA0005", "T1096"]}, {"bi": "file-alternate-data-stream-zero-data", "hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "mitre_attack_tags": ["TA0005"]}, {"bi": "benign-process-has-child", "hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "mitre_attack_tags": ["TA0005", "T1055"]}, {"bi": "dns-public-server-contacted", "hashes": ["7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "artifact-exec-extension-obfuscation", "hashes": ["255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "artifact-flagged-anomaly", "hashes": 
["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "network-file-uploaded", "hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": ["TA0010", "T1011"]}, {"bi": "network-http-numeric-ip", "hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "mitre_attack_tags": ["TA0011", "TA0005", "T1071"]}, {"bi": "network-communications-http-post", "hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": ["TA0011", "TA0010", "T1048"]}, {"bi": "http-response-client-error", "hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": []}, {"bi": "malware-lokibot-mutex-detected", "hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": []}, {"bi": "suspicious-user-agent", "hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": ["TA0011", "T1071"]}, {"bi": "altered-sample-snort-flagged", "hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": 
"network-communications-http-get", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "mitre_attack_tags": ["TA0011", "TA0010", "T1105", "T1043"]}, {"bi": "cmd-exe-file-execution", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "mitre_attack_tags": ["TA0002", "T1059"]}, {"bi": "pe-certificate", "hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "mitre_attack_tags": []}, {"bi": "pe-certificate-invalid-signing-date", "hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "modified-file-in-program-dir", "hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": []}, {"bi": "dns-bypassed-assigned-server", "hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": 
"network-opendns-malicious", "hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": []}, {"bi": "network-dns-malicious-snort", "hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": ["TA0011"]}, {"bi": "altered-sample-dns-flagged", "hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": ["TA0005", "T1102"]}, {"bi": "network-dns-upload-file", "hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": []}, {"bi": "malware-guloader-traffic-detected", "hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "mitre_attack_tags": []}, {"bi": "network-http-non-standard-port", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "mitre_attack_tags": ["TA0011", "TA0005", "T1065"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "mitre_attack_tags": []}, {"bi": "firefox-cookie-read", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "mitre_attack_tags": ["TA0009", "T1005", "T1119"]}, {"bi": "files-created-batch", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "mitre_attack_tags": ["TA0002", "T1064"]}, {"bi": "process-taskkill", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "mitre_attack_tags": ["TA0005", "T1089"]}, {"bi": "malware-grandsteal-file-activity", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "mitre_attack_tags": ["TA0002", "TA0006", "T1059", "T1107"]}, {"bi": "process-choice-timeout", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "mitre_attack_tags": ["TA0002", "T1204"]}, {"bi": "malware-grandsteal-network-activity", "hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], 
"mitre_attack_tags": ["TA0007", "TA0006", "TA0009", "TA0010", "T1083", "T1081", "T1005", "T1119", "T1020"]}, {"bi": "artifact-flagged-malware", "hashes": ["06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc"], "mitre_attack_tags": []}, {"bi": "malware-agent-tesla-detected", "hashes": ["06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc"], "mitre_attack_tags": ["TA0009", "T1123", "T1125", "T1056"]}, {"bi": "malware-agent-tesla-av-detected", "hashes": ["06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc"], "mitre_attack_tags": ["T1219"]}, {"bi": "network-snort-server", "hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "mitre_attack_tags": []}, {"bi": "artifact-windows-task", "hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "mitre_attack_tags": ["TA0002", "TA0003", "T1053"]}, {"bi": "network-url-tracking-service", "hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "mitre_attack_tags": ["TA0011", "TA0005", "T1102"]}, {"bi": "malware-quasar-artifact-detected", "hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "mitre_attack_tags": []}, {"bi": "malware-quasarrat-mutex", "hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "mitre_attack_tags": []}, {"bi": "pe-packed-upx", "hashes": ["573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "audio-video-mutex-detected", "hashes": ["573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571"], "mitre_attack_tags": ["TA0009", "T1123", "T1125"]}, {"bi": "artifact-memory-vm-detect", "hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "mitre_attack_tags": ["TA0005", "T1497"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, 
"WSA": true}, "description": "Razy is oftentimes a generic detection name for a Windows trojan. This malware typically collects sensitive information from the infected host, formats and encrypts the data, and sends it to a C2 server. In this case, the malware is functioning as ransomware, encrypting files with a .png, .txt, .html or .mp3 file extension.", "hashes": ["06ad7352e8df2766524e159ceb405d0f3fdf2906bbc5b134e7c9caed881ed8fc", "16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf", "255be6fc1b75b14337d3c047df8a531d08d4e8866e21b05061137ccbc3905dea", "4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571", "5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa", "7200b362dfb336483d716fbbd84930894e5c8c28acd6a2ceff2b5da5cd3894fc", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118", "a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322", "bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a", "f4c18b1462a5749f2b85902b78b12e5209bcbcbb29aa767d3500e1c1189f6dc1"], "iocs": {"domain": [{"hashes": ["4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e"], "host": "finlandmc[.]com"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", 
"8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "host": "ip-api[.]com"}, {"hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306", "a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296"], "host": "ctldl[.]windowsupdate[.]com"}, {"hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35"], "host": "cpanel[.]com"}, {"hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "host": "apps[.]digsigtrust[.]com"}, {"hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "host": "apps[.]identrust[.]com"}, {"hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296"], "host": "elb097307-934924932[.]us-east-1[.]elb[.]amazonaws[.]com"}, {"hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296"], "host": "api[.]ipify[.]org"}, {"hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "host": "cs11[.]wpc[.]v0cdn[.]net"}, {"hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "host": "iplogger[.]org"}, {"hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "host": "ubanano20[.]ddns[.]net"}, {"hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296"], "host": "a767[.]dscg3[.]akamai[.]net"}, {"hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "host": "pklz[.]xyz"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "host": "dailyupdates[.]theworkpc[.]com"}, {"hashes": ["bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "host": "judge777[.]ddns[.]net"}], "file": [{"hashes": ["4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322", 
"e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5"}, {"hashes": ["4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs"}, {"hashes": ["4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\Logs\\Administrator"}, {"hashes": ["4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "path": "%APPDATA%\\D19AB989-A35F-4710-83DF-7B2DB7EFE7C5\\run.dat"}, {"hashes": ["509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e", "bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "path": "%APPDATA%\\24E2B309-1719-4436-B195-573E7CB0F5B1\\run.dat"}, {"hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "path": "%APPDATA%\\D282E1"}, {"hashes": 
["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "path": "%APPDATA%\\D282E1\\1E80C5.lck"}, {"hashes": ["bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "path": "%ProgramFiles(x86)%\\AGP Manager"}, {"hashes": ["bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "path": "%ProgramFiles(x86)%\\AGP Manager\\agpmgr.exe"}, {"hashes": ["bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "path": "%ProgramFiles%\\UPNP Host\\upnphost.exe"}, {"hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "path": "%System32%\\Tasks\\TASKDIRFORTASKCREATE\\TASKFORTASKCREATE"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%TEMP%\\Remove.bat"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "path": "%APPDATA%\\GvFndnBatchX2\\GvFndnBatchX2.exe"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "path": "%APPDATA%\\GvFndnBatchX2\\GvFndnBatchX2.exe:ZoneIdentifier"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\GvFndnBatchX2.vbs"}, {"hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\mlopq.vbs"}, {"hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "path": "%APPDATA%\\zxcvq\\sqdfg.exe"}, {"hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "path": "%APPDATA%\\zxcvq\\sqdfg.exe:ZoneIdentifier"}, {"hashes": 
["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "path": "%APPDATA%\\Logs\\10-08-2020"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "path": "%TEMP%\\eeue8tyr.0.cs"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "path": "%TEMP%\\eeue8tyr.cmdline"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "path": "%TEMP%\\eeue8tyr.dll"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "path": "%TEMP%\\eeue8tyr.out"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "path": "%TEMP%\\RESA89E.tmp"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "path": "%TEMP%\\CSCA89D.tmp"}, {"hashes": ["4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\vchost.vbs"}, {"hashes": ["573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\audio.vbs"}, {"hashes": ["573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571"], "path": "%APPDATA%\\game\\game.exe"}, {"hashes": ["573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571"], "path": "%APPDATA%\\game\\game.exe:ZoneIdentifier"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%TEMP%\\tempDataBase2020-10-08T13_16_15.4356000-05_001212"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%TEMP%\\tempDataBase2020-10-08T13_16_23.8128000-05_001212"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Oym3vVHHARWqgt4P.exe"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": 
"%TEMP%\\Edv8UbitQpsHstAJDyvj06y9jiNp9FnLYUxjlQ.exe"}, {"hashes": ["5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\rPdtxX1NImGpSfTH.exe"}, {"hashes": ["bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\YTUIO.vbs"}, {"hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchosts.vbs"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "path": "%TEMP%\\r79bbjdh.out"}, {"hashes": ["5d7c904da62fd0e06c2bfa07a4e28514e73f1fe40a2bc41e7ed0bb73347042aa"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\wWMXOsREb1cDbtLB.exe"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%TEMP%\\tempDataBase2020-10-08T13_25_48.0707789-07_001212"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%TEMP%\\tempDataBase2020-10-08T13_25_52.2114141-07_001212"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%TEMP%\\tempDataBase2020-10-08T13_26_22.3364752-07_0088"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%TEMP%\\tempDataBase2020-10-08T13_26_23.6802298-07_0088"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%TEMP%\\tempDataBase2020-10-08T13_26_23.6958530-07_0088"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%TEMP%\\tempDataBase2020-10-08T13_26_24.1958547-07_0088"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\fOkFzULHiAOnP6Nw.exe"}], "ip": [{"hashes": 
["4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e"], "ip": "5[.]231[.]208[.]172"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27", "8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "ip": "208[.]95[.]112[.]1"}, {"hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "ip": "88[.]99[.]66[.]31"}, {"hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "ip": "37[.]235[.]1[.]177"}, {"hashes": ["bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "ip": "37[.]235[.]1[.]174"}, {"hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "ip": "192[.]35[.]177[.]64"}, {"hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "ip": "72[.]21[.]81[.]240"}, {"hashes": ["bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "ip": "79[.]134[.]225[.]69"}, {"hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "ip": "79[.]134[.]225[.]77"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "ip": "185[.]244[.]30[.]148"}, {"hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35"], "ip": "195[.]69[.]140[.]147"}, {"hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296"], "ip": "23[.]46[.]238[.]193"}, {"hashes": ["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "ip": "184[.]73[.]247[.]141"}, {"hashes": ["dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "ip": "104[.]28[.]5[.]170"}, {"hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296"], "ip": "23[.]21[.]109[.]69"}, {"hashes": ["a2b6095c45460733b8abddc5568ffc5f3090f9d6e3d2bb435eeaa81dd99a5296"], "ip": "50[.]19[.]252[.]36"}, {"hashes": 
["530a9cd4b0b789fa5ca4290b7295d2c02deff78de3eb7fbbc2f9e78ebd998b27"], "ip": "45[.]142[.]214[.]109"}, {"hashes": ["573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571"], "ip": "185[.]244[.]26[.]214"}, {"hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "ip": "129[.]205[.]113[.]226"}, {"hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "ip": "79[.]134[.]225[.]45"}], "mutex": [{"hashes": ["4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c", "509f65635f1ee1a9d7907944dca2f9671f29c9bf72e9546d04141b2d074696ac", "7de531a94dffa3e9402b48e51640150d672a61ac3955727b93b85260dc77039e"], "name": "Global\\{b7c5d67b-f577-4d35-adc7-6994a8049b53}"}, {"hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35", "dd9c191d56c856c10dbfaf044fabc224f4f0b500821552a8f1a9c6b8b0eaa218"], "name": "3749282D282E1E80C56CAE5A"}, {"hashes": ["bd2cc506c957ff052800919a41bdef128dfe530a1713dbaabae4d98ce6344c35"], "name": "9DAA44F7C7955D46445DC99B"}, {"hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "name": "Global\\{a039597e-730f-4f99-80a0-3fc9d9f01396}"}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "name": "0f2edf0cec8246d2a8b4bec33606ed52"}, {"hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "name": "QSR_MUTEX_rVn0OUE8f1tzJgSd1f"}, {"hashes": ["505d2d03509ee090cd93eafe0f014f664e03721cc27f7c8a56735e8329fd5306"], "name": "1FbCZ4b926z65MjMq8coMhXqm8pXuRvLxEclipperrorRER1233326FDSH123"}, {"hashes": ["8447b866a7df3c93b8fb34e3102c91fe98d9a3f70725d854d27ef64975eed118"], "name": "\"C:\\TEMP\\674b6b071bc03e9e95abcdc930f6df18.exe\" "}, {"hashes": ["16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf"], "name": "\"C:\\TEMP\\16cbf284ad8ba39cd8660caf5c96b659da01c48d227faa9c0b19ab73877b93bf.exe\" "}, {"hashes": ["4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c"], "name": 
"\"C:\\TEMP\\4f40d0c6e41b42bcd713138009c76d2ce4b43f0b869c53ff8760e3803e8d652c.exe\" "}, {"hashes": ["573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571"], "name": "\"C:\\TEMP\\573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571.exe\" "}, {"hashes": ["573a4ac703fcb9aff145a3d56ec9fbb34af2d260d1523858f838c4ccdb653571"], "name": "cf2e49d5189c25536738c7da064894bb"}, {"hashes": ["bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "name": "\"C:\\TEMP\\bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322.exe\" "}, {"hashes": ["bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322"], "name": "Global\\{2f901924-92c3-4b7e-a0c7-7b8fa4d2fdb3}"}, {"hashes": ["e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "name": "\"C:\\TEMP\\e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a.exe\" "}], "registry": [{"hashes": ["bd071330fde9d2d39058b1c36af731649b49c816a619d98ce59a29f250956322", "e561e60e52424d0b332e924758d04a3079e62e26cd816daff2f6bfbace32728a"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AGP Manager"}]}, "reports_count": 18}, "Win.Packed.njRAT-9775005-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", 
"495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": ["TA0005", "TA0004", "T1055", "T1181"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", 
"526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", 
"fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": []}, {"bi": "pe-uses-dot-net", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", 
"684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", 
"0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": ["TA0005", "T1016", "T1089"]}, {"bi": "netsh-firewall-add", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", 
"38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "registry-disable-open-file-security-warning", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": ["TA0005", "T1112", "T1089"]}, {"bi": "registry-parseautoexec", "hashes": 
["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": ["TA0003", "T1112"]}, {"bi": "malware-trojan-njrat-registry", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", 
"a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": ["TA0005", "T1112"]}, {"bi": "malware-trojan-njrat-detected", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", 
"ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": []}, {"bi": "malware-generic-dotnet-trojan-uses-random-guid-mutex", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", 
"926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": []}, {"bi": "network-dns-safe-categories", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", 
"684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": []}, {"bi": "network-dns-category-dynamic", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": []}, {"bi": "modified-executable", "hashes": ["ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", 
"fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", 
"fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952"], "mitre_attack_tags": ["TA0005", "T1202"]}, {"bi": "process-long-cmdline", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", 
"926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": ["TA0005", "T1027"]}, {"bi": "firewall-exception-user-dir", "hashes": ["ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089"]}, {"bi": "pe-invalid-checksum", "hashes": ["b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64"], "mitre_attack_tags": []}, {"bi": "startup-folder-modification", "hashes": 
["7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "dns-dynamic-domain", "hashes": ["7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", 
"12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "artifact-windows-component-suspicious-creation", "hashes": ["ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014"], "mitre_attack_tags": ["TA0005", "T1036"]}, {"bi": "registry-autorun-key-temp-dir", "hashes": ["e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "feed-domain-rat", "hashes": ["526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "mitre_attack_tags": []}, {"bi": "modified-file-in-system-dir", "hashes": ["783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-system-dir", "hashes": 
["783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "compound-netsh-firewall-add-windows-directory", "hashes": ["783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff"], "mitre_attack_tags": ["TA0011", "TA0005", "T1089", "T1036"]}, {"bi": "dns-query-nxdomain", "hashes": ["f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-data-dir", "hashes": ["f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd"], "mitre_attack_tags": ["TA0003", "T1060"]}, {"bi": "unsigned-roaming-execution", "hashes": ["f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-snort-protocol", "hashes": ["435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "njRAT, also known as Bladabindi, is a remote access trojan (RAT) that allows attackers to execute commands on the infected host, log keystrokes and remotely turn on the victim's webcam and microphone. njRAT was developed by the Sparclyheason group. 
Some of the largest attacks using this malware date back to 2014.", "hashes": ["0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f", "ffc0b59afe82316c0c39d3c5ca58a0ce1f517e022f25c338faf2498087f56d6f"], "iocs": {"domain": [{"hashes": ["31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", 
"40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c"], "host": "softnetdos[.]no-ip[.]org"}, {"hashes": ["0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a"], "host": "khaled39[.]no-ip[.]biz"}, {"hashes": ["435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "host": "imsara[.]dynu[.]net"}, {"hashes": ["c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952"], "host": "karem[.]no-ip[.]org"}, {"hashes": ["783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff"], "host": "nourj2002[.]ddns[.]net"}, {"hashes": ["7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c"], "host": "chabbilal[.]servemp3[.]com"}, {"hashes": ["38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "host": "arseisa[.]no-ip[.]org"}, {"hashes": ["fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f"], "host": "redprince[.]no-ip[.]org"}, {"hashes": ["12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9"], "host": "sawaaa[.]zapto[.]org"}, {"hashes": ["f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd"], "host": "etoile85[.]ddns[.]net"}, {"hashes": ["684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5"], "host": "jou7a[.]no-ip[.]biz"}, {"hashes": 
["526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7"], "host": "mido[.]linkpc[.]net"}], "file": [{"hashes": ["0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a"], "path": "%TEMP%\\svchost.exe"}, {"hashes": ["526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9"], "path": "%TEMP%\\server.exe"}, {"hashes": ["f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd"], "path": "%APPDATA%\\svchost.exe"}, {"hashes": ["684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5"], "path": "%TEMP%\\system.exe"}, {"hashes": ["7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c"], "path": "%TEMP%\\cmd.exe"}, {"hashes": ["7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\cmd.exe"}, {"hashes": ["12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9"], "path": "%ProgramData%\\fefid.exe"}, {"hashes": ["783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff"], "path": "%SystemRoot%\\netsh.exe"}, {"hashes": ["fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f"], "path": "%TEMP%\\serve1r.exe"}], "ip": [{"hashes": ["435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "ip": "41[.]102[.]39[.]1"}, {"hashes": ["526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7"], "ip": "41[.]42[.]68[.]235"}], "mutex": [{"hashes": ["0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed", 
"435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f"], "name": "<32 random hex characters>"}, {"hashes": ["31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c"], "name": "dcf85917ab8c5b61c254cbeefa6bf578"}, {"hashes": ["7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c"], "name": "cmd"}], "registry": [{"hashes": ["0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", 
"435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f"], "key": "\\ENVIRONMENT", "value_name": "SEE_MASK_NOZONECHECKS"}, {"hashes": ["0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9", "31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", 
"526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5", "783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff", "7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98", "b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a", "e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c", "f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd", "fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "ParseAutoexec"}, {"hashes": ["31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c"], "key": 
"\\SOFTWARE\\DCF85917AB8C5B61C254CBEEFA6BF578", "value_name": null}, {"hashes": ["31754a3bae68fd636bed62d342cc380a5eabd6e45ea7588729ba790a8198d985", "40806048e6fd3ea240f36c4d6c8076e07f1b609e10770aa1c5ed785e9541f464", "48fdb5b6671fec8d9c5ab04c197f39f904e9da4f2a575733a613bec6357855eb", "495556e1fe9a4a5329b05b6a34b22b61174f6abae0f66976cc19bd02203d0253", "6357268318677115b7d467602ef5f4dc4ad6134d52f33221147b905894953f64", "926d76f6143d782690a0e9c39e7022854c982d24a30f374da45184f75d3802db", "a5683bafd10956d103dfc8f2a33491790800481da766c729b229a8f4f2ae088c", "b981a8c149990487a1fc868bad58d4aee1bf7644a5449c50c7f11bded7b4b360", "e728ab793b17fe04c166074747720a74dc5585d9f5739719ab4acbcfa6ed0669", "ed4d9b68035a737ec7b16396a1a47572e4d6692d2714ae2681cf259aac94df2c"], "key": "\\SOFTWARE\\DCF85917AB8C5B61C254CBEEFA6BF578", "value_name": "[kl]"}, {"hashes": ["0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a"], "key": "\\SOFTWARE\\90B2434F3ECE5313178BA9B0027DAA86", "value_name": null}, {"hashes": ["0688af91de8a61286262dc8793059d20b23b9f1f9cef6f24691689806ee74014", "88c9bc1352c7719dd1e72dce8f25424ef3102d084fc51e790943cda099137f09", "d378cf79077da04069a0d2a37fcf9c30a50f33edee20d6fcea6efa1afe07e16a"], "key": "\\SOFTWARE\\90B2434F3ECE5313178BA9B0027DAA86", "value_name": "[kl]"}, {"hashes": ["e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "279f6960ed84a752570aca7fb2dc1552"}, {"hashes": ["e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9"], "key": "\\SOFTWARE\\279F6960ED84A752570ACA7FB2DC1552", "value_name": "[kl]"}, {"hashes": ["e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "279f6960ed84a752570aca7fb2dc1552"}, {"hashes": 
["ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98"], "key": "\\SOFTWARE\\CF56EE275CC59274062DC1B03224CA99", "value_name": "[kl]"}, {"hashes": ["e17dad29f9e124a53978f250bfc6498db5d4c5ea5bbab55958dddafacb4ac0b9"], "key": "\\SOFTWARE\\279F6960ED84A752570ACA7FB2DC1552", "value_name": null}, {"hashes": ["783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff"], "key": "\\SOFTWARE\\5F7D1D941484D5F928FCE4D10EE1D4B4", "value_name": null}, {"hashes": ["783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5f7d1d941484d5f928fce4d10ee1d4b4"}, {"hashes": ["783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5f7d1d941484d5f928fce4d10ee1d4b4"}, {"hashes": ["783cb391648b7354cf89983fa86176876d74f9c08a209dc5408217e0d21055ff"], "key": "\\SOFTWARE\\5F7D1D941484D5F928FCE4D10EE1D4B4", "value_name": "[kl]"}, {"hashes": ["ab2f8aec0cc00f9b6b8bcdb0d75d1f43d9944f86c7d5652ba4c2fac807790f98"], "key": "\\SOFTWARE\\CF56EE275CC59274062DC1B03224CA99", "value_name": null}, {"hashes": ["7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c"], "key": "\\SOFTWARE\\CMD", "value_name": null}, {"hashes": ["7a7249ea33a800883d0cabf880abba858bc9a9d34e58a85bbf67be84a889f21c"], "key": "\\SOFTWARE\\CMD", "value_name": "[kl]"}, {"hashes": ["435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "key": "\\SOFTWARE\\45378FAB7904E257E11B9F51F98B8EBD", "value_name": null}, {"hashes": ["435061f10fc7fb9bb2fd0c6dfe893b2aa1eb3f22ff2e63e85529a110b7824755"], "key": "\\SOFTWARE\\45378FAB7904E257E11B9F51F98B8EBD", "value_name": "[kl]"}, {"hashes": ["38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "key": "\\SOFTWARE\\88108416B573A8CBCD201FA5911501FB", "value_name": null}, {"hashes": ["38b3c5aa27fcbfc082dc770cead2014f985419a689e7c6a5155d4d2acdb8a1ed"], "key": 
"\\SOFTWARE\\88108416B573A8CBCD201FA5911501FB", "value_name": "[kl]"}, {"hashes": ["fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f"], "key": "\\SOFTWARE\\04E89D4DCF58F2A8D6444CD714BCEFA6", "value_name": null}, {"hashes": ["12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9"], "key": "\\SOFTWARE\\502E14A835CA50F7E3A72AE4E46A4AD9", "value_name": null}, {"hashes": ["fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "04e89d4dcf58f2a8d6444cd714bcefa6"}, {"hashes": ["fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "04e89d4dcf58f2a8d6444cd714bcefa6"}, {"hashes": ["12be53cf28956a78871ef209726cc278b0e22d466b65488dfdae0b4841feb8e9"], "key": "\\SOFTWARE\\502E14A835CA50F7E3A72AE4E46A4AD9", "value_name": "[kl]"}, {"hashes": ["fa421ae7ef693702067542426fe30f9f74799ed444bd82cee400abc8e23a033f"], "key": "\\SOFTWARE\\04E89D4DCF58F2A8D6444CD714BCEFA6", "value_name": "[kl]"}, {"hashes": ["526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7"], "key": "\\SOFTWARE\\0F03D47954137839095FC9B042755FE5", "value_name": null}, {"hashes": ["526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "0f03d47954137839095fc9b042755fe5"}, {"hashes": ["526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "0f03d47954137839095fc9b042755fe5"}, {"hashes": ["526c9bfa52ce5880ea967c31706c47bfcf9a3317b2184a061a50616b4294bbd7"], "key": "\\SOFTWARE\\0F03D47954137839095FC9B042755FE5", "value_name": "[kl]"}, {"hashes": ["f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd"], "key": "\\SOFTWARE\\A6B0A73BE3679AA31395A82585AC6BD2", "value_name": null}, {"hashes": 
["f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "a6b0a73be3679aa31395a82585ac6bd2"}, {"hashes": ["f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "a6b0a73be3679aa31395a82585ac6bd2"}, {"hashes": ["f5633cf902863b6a3a5775794a2ec9a513e6ca7367374caf9a0c6c1deeed2bdd"], "key": "\\SOFTWARE\\A6B0A73BE3679AA31395A82585AC6BD2", "value_name": "[kl]"}, {"hashes": ["c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952"], "key": "\\SOFTWARE\\5A044768894ED7D63A108A08D876C9E7", "value_name": null}, {"hashes": ["c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5a044768894ed7d63a108a08d876c9e7"}, {"hashes": ["c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "5a044768894ed7d63a108a08d876c9e7"}, {"hashes": ["c5270baa9d57818e7724106fc70c45630fd5f2440acd38f13203bf46611fc952"], "key": "\\SOFTWARE\\5A044768894ED7D63A108A08D876C9E7", "value_name": "[kl]"}, {"hashes": ["684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5"], "key": "\\SOFTWARE\\7FCE2C61E6A58B35905B9CC1A607399F", "value_name": null}, {"hashes": ["684a7b6feff7f131c02524f07f553df684bd5d6478811fa1d1f8c3ab0fee20c5"], "key": "\\SOFTWARE\\7FCE2C61E6A58B35905B9CC1A607399F", "value_name": "[kl]"}]}, "reports_count": 25}, "exprev": [{"count": 5068, "description": "Behavior assocaited with Fareit has been detected. Fareit is an information stealing trojan that can send sensitive data back to an attacker from the victim machine.", "name": "Fareit trojan has been detected"}, {"count": 3541, "description": "DealPly is adware, which claims to improve your online shopping experience. 
It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 3266, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 1218, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 505, "description": "An attempt to bypass application whitelisting via the \"Squiblydoo\" technique has been detected. This typically involves using regsvr32.exe to execute script content hosted on an attacker controlled server.", "name": "Squiblydoo application whitelist bypass attempt detected."}, {"count": 420, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. 
It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 414, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 383, "description": "Crystalbit-Apple DLL double hijack was detected. During this attack, the adversary abuses two legitimate vendor applications, such as CrystalBit and Apple, as part of a dll double hijack attack chain that starts with a fraudulent software bundle and eventually leads to a persistent miner and in some cases spyware deployment.", "name": "Crystalbit-Apple DLL double hijack detected"}, {"count": 273, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 115, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 63, "description": "The certutil.exe utility has been detected downloading and executing a file. Upon execution, the downloaded file behaved suspiciously. The normal usage of certutil.exe involves retrieving certificate information. 
Attackers can use this utility to download additional malicious payloads.", "name": "Certutil.exe is downloading a file"}, {"count": 55, "description": "Maze ransomware has been detected injecting into rundll32.exe or regsvr32.exe. Maze can encrypt files on the victim and demand a ransom. It can also exfiltrate data back to the attacker prior to encryption.", "name": "Maze ransomware detected"}, {"count": 25, "description": "A malware dropper has been detected. A dropper will download or unpack additional malware during its execution. A variety of techniques can be employed for the payload to gain persistence and escalate privilege if necessary.", "name": "Malware dropper detected"}, {"count": 19, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}, {"count": 13, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 7, "description": "Tepfer malware has been detected. Tepfer is used to steal user data or download and execute additional programs. Stolen data can include FTP credentials, cloud storage service credentials, web browser cookies, and mail client data.", "name": "Tepfer detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-10-16T16:34:28+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. 
Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Doc.Malware.Emotet-9774982-0", "Win.Packed.njRAT-9775005-1", "Win.Packed.Razy-9775377-1", "Win.Packed.Gh0stRAT-9776529-0", "Win.Dropper.Tofsee-9775522-0", "Win.Dropper.Remcos-9775269-0", "Win.Packed.Dridex-9776370-1"]}