{"Win.Downloader.Upatre-7601201-0": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "modified-executable", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": []}, {"bi": "malware-upatre-detected", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-query-nxdomain", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311"], "mitre_attack_tags": []}], "category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Upatre is a malicious downloader often used by exploit kits and phishing campaigns. Upatre downloads and executes malicious executables, such as banking malware.", "hashes": ["02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332"], "iocs": {"domain": [{"hashes": ["02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332"], "host": "grupodolcearte[.]com"}], "file": [{"hashes": ["02e92a155d33c4ca944d13f25efc1cb64e18fe9a2f3343cb26abb1e898f03311", "20ca23453249306f1b2f7e36cbca3f7b99daced979bbc6131d6cb6950bfb739f", "23d112d78879dde9cd9f38b3de9b6fd41191a8a64d77734886b6e971fc0ca4cc", "3595f2059b5d2ac9c110fa15ec32b94da8fe9fb2937327ec5fcd60dcf0c7669a", "439a8dc0f85467bc1e34ea057e5f529aeea392a677db8e1fc2cd32a4b5c5011a", "79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1", "83fff77b45dab7b20920a22207a202cfeebfc4b0e19b1efff8ce1dac7cd2c5c9", "b3368d3532c08ed8fd83aef55d0d10d55479c686a7b9659f598772c17abe2919", "b4679d7520c1769e1bb4cd0d1a88652a036346c6de7d7d30ee1dd59a8d90251b", "dfb32e641900be3f65c7af2ba26c7728883ed123e6246808d2068444a1338f8a", "e42bd741b4596381169df7b9643466422cc0e071fbd4d69d4acfc08df00692da", "eb4abbc6e8b7980686f07344ef0ecb7cef00188339e65fa16258feab7be0dd02", "f81d5c1f44065d3bf471255104b9740930b88347fb55fbd7116a967c1a6d3225", "f95e463db1ea767128da0df3fa48817084e2522393a1758e70d80e9d17077927", "fc9ab4d96279fc746aa4730ef51d9034fedb0eb3775e4a1aa29505261a5a8332"], "path": "%TEMP%\\vitra.exe"}], "ip": [{"hashes": ["79cb02073d36f32ce34cad9618a3bebdf09c38c1c46629e3acd76c03dd0d9ba1"], "ip": "181[.]143[.]164[.]189"}], "mutex": [], "registry": []}, "reports_count": 15}, "Win.Dropper.Emotet-7600941-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": ["TA0003"]}, {"bi": "currentcontrolset-service-added", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": ["TA0002", "TA0003"]}, {"bi": "malware-emotet-mutex", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": []}, {"bi": "network-http-numeric-ip", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-communications-http-post", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "pe-uses-armadillo", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "deleted-submitted-file", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "sample-launched-copy-of-self", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-snort-policy", "hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "mitre_attack_tags": []}, {"bi": "network-http-non-standard-port", "hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "pe-encrypted-section", "hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-executable", "hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1"], "mitre_attack_tags": []}, {"bi": "pe-filename-mismatch", "hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-packed-upx", "hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-snort-sensitive-data", "hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e"], "mitre_attack_tags": []}], "category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": true}, "description": "Emotet is one of the most widely distributed and active malware families today. It is a highly modular threat that can deliver a wide variety of payloads. Emotet is commonly delivered via Microsoft Office documents with macros, sent as attachments on malicious emails.", "hashes": ["0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e"], "iocs": {"domain": [], "file": [{"hashes": ["0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e"], "path": "%TEMP%\\_appcompat.txt"}, {"hashes": ["0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e"], "path": "%TEMP%\\.dmp"}, {"hashes": ["de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e"], "path": "%SystemRoot%\\SysWOW64\\KBDRO"}, {"hashes": ["0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26"], "path": "%SystemRoot%\\SysWOW64\\rasser"}, {"hashes": ["1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634"], "path": "%SystemRoot%\\SysWOW64\\sppc"}, {"hashes": ["bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13"], "path": "%SystemRoot%\\SysWOW64\\rdpencom"}, {"hashes": ["bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f"], "path": "%SystemRoot%\\SysWOW64\\ias"}, {"hashes": ["77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970"], "path": "%SystemRoot%\\SysWOW64\\msctfui"}, {"hashes": ["83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1"], "path": "%SystemRoot%\\SysWOW64\\sppinst"}, {"hashes": ["83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1"], "path": "%ProgramData%\\RPjyQXrZOqjIXJnOwMa.exe"}, {"hashes": ["96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4"], "path": "%SystemRoot%\\SysWOW64\\iasdatastore"}, {"hashes": ["0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0"], "path": "%SystemRoot%\\SysWOW64\\iprtprio"}, {"hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163"], "path": "%SystemRoot%\\SysWOW64\\acppage"}, {"hashes": ["45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431"], "path": "%SystemRoot%\\SysWOW64\\rasgcw"}, {"hashes": ["486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29"], "path": "%SystemRoot%\\SysWOW64\\api-ms-win-core-debug-l1-1-0"}, {"hashes": ["94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244"], "path": "%SystemRoot%\\SysWOW64\\msutb"}, {"hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852"], "path": "%SystemRoot%\\SysWOW64\\dsquery"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "path": "%SystemRoot%\\SysWOW64\\api-ms-win-core-misc-l1-1-0"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "path": "%ProgramData%\\PJiawWEgBV.exe"}], "ip": [{"hashes": ["0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e"], "ip": "104[.]32[.]141[.]43"}, {"hashes": ["486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f"], "ip": "139[.]47[.]135[.]215"}, {"hashes": ["486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f"], "ip": "181[.]61[.]224[.]26"}, {"hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970"], "ip": "216[.]75[.]37[.]196"}, {"hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970"], "ip": "212[.]174[.]57[.]124"}, {"hashes": ["67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970"], "ip": "89[.]108[.]158[.]234"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "ip": "74[.]105[.]51[.]75"}, {"hashes": ["83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1"], "ip": "189[.]201[.]197[.]106"}], "mutex": [{"hashes": ["0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e"], "name": "Global\\I98B68E3C"}, {"hashes": ["0e4056035379093c420b6d84d9bcd77d2789c80d7729eb7e8635e489cfb0b9c0", "0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26", "1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634", "45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431", "486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29", "67baea8bd29156a72ecbf6d75c2abe452cf428aaa0503e3de41c93445f1bc163", "6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852", "77110ce382c087ef3b89f354e0ff2362da40500c425e97e34c2e297d8ce83970", "8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211", "83605486c96943d2a8a30a40b43c38dc588e86a05a667842132d69c5a0d7cac1", "94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244", "96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4", "bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13", "bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f", "de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e"], "name": "Global\\M98B68E3C"}], "registry": [{"hashes": ["486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-DEBUG-L1-1-0", "value_name": "ImagePath"}, {"hashes": ["94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSUTB", "value_name": "Start"}, {"hashes": ["45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\RASGCW", "value_name": "ErrorControl"}, {"hashes": ["486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-DEBUG-L1-1-0", "value_name": "DisplayName"}, {"hashes": ["94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSUTB", "value_name": "ErrorControl"}, {"hashes": ["45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\RASGCW", "value_name": "ImagePath"}, {"hashes": ["486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-DEBUG-L1-1-0", "value_name": "WOW64"}, {"hashes": ["94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSUTB", "value_name": "ImagePath"}, {"hashes": ["486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-DEBUG-L1-1-0", "value_name": "ObjectName"}, {"hashes": ["45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\RASGCW", "value_name": "DisplayName"}, {"hashes": ["94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSUTB", "value_name": "DisplayName"}, {"hashes": ["45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\RASGCW", "value_name": "WOW64"}, {"hashes": ["486d1ab587964c3783faf01d9fb9b72c0719b512826984f17fb4b42553d2ad29"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-DEBUG-L1-1-0", "value_name": "Description"}, {"hashes": ["94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSUTB", "value_name": "WOW64"}, {"hashes": ["45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\RASGCW", "value_name": "ObjectName"}, {"hashes": ["94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSUTB", "value_name": "ObjectName"}, {"hashes": ["45bb0185b3b111814469ce0ec2d2e03e4c7e469170d42ae9733402c63f804431"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\RASGCW", "value_name": "Description"}, {"hashes": ["94a354a98259a0d92248531bd3c8ee59ebad766bc7c3cff4a4739bd467b1d244"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\MSUTB", "value_name": "Description"}, {"hashes": ["96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IASDATASTORE", "value_name": null}, {"hashes": ["96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IASDATASTORE", "value_name": "Type"}, {"hashes": ["96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IASDATASTORE", "value_name": "Start"}, {"hashes": ["96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IASDATASTORE", "value_name": "ErrorControl"}, {"hashes": ["96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IASDATASTORE", "value_name": "ImagePath"}, {"hashes": ["96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IASDATASTORE", "value_name": "DisplayName"}, {"hashes": ["96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IASDATASTORE", "value_name": "WOW64"}, {"hashes": ["96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IASDATASTORE", "value_name": "ObjectName"}, {"hashes": ["96d43323599a68012b79990a2d2b861f6266a7c48ae3409f6f92aee912cb6fd4"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IASDATASTORE", "value_name": "Description"}, {"hashes": ["0eabba5e6d29aadd3551715bab5279a1a2faf19f90a24f0168b8d903acee0d26"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\RASSER", "value_name": "Description"}, {"hashes": ["bae886d7885453947e93c457f93b18c50cede1b7e17daebd2c934d32917d8d13"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\RDPENCOM", "value_name": "Description"}, {"hashes": ["bd2e823604e511efa9b864d6e40d93b8d1f38d600c4ae6302e19078bd4ff0d0f"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IAS", "value_name": "Description"}, {"hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\DSQUERY", "value_name": null}, {"hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\DSQUERY", "value_name": "Type"}, {"hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\DSQUERY", "value_name": "Start"}, {"hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\DSQUERY", "value_name": "ErrorControl"}, {"hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\DSQUERY", "value_name": "ImagePath"}, {"hashes": ["de54dc917bcc60957bf16bc876080e485d5d2939c542057afc5aa5c098c2bc7e"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\KBDRO", "value_name": "Description"}, {"hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\DSQUERY", "value_name": "DisplayName"}, {"hashes": ["1afd9903eb0ba0b06fd05672c52a361551848d94215cf4071a329c3cd2743634"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\SPPC", "value_name": "Description"}, {"hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\DSQUERY", "value_name": "WOW64"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-MISC-L1-1-0", "value_name": null}, {"hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\DSQUERY", "value_name": "ObjectName"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-MISC-L1-1-0", "value_name": "Type"}, {"hashes": ["6a1b89dc82ca6fe2944fb21d89e2e9cd50e18d7c102cef1986d9aebbb080b852"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\DSQUERY", "value_name": "Description"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-MISC-L1-1-0", "value_name": "Start"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-MISC-L1-1-0", "value_name": "ErrorControl"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-MISC-L1-1-0", "value_name": "ImagePath"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-MISC-L1-1-0", "value_name": "DisplayName"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-MISC-L1-1-0", "value_name": "WOW64"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-MISC-L1-1-0", "value_name": "ObjectName"}, {"hashes": ["8257c2e631751a8a6114d4463debb0dfc2021a2630a7f463a928a4fe6c3bc211"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\API-MS-WIN-CORE-MISC-L1-1-0", "value_name": "Description"}]}, "reports_count": 15}, "Win.Malware.Kovter-7601670-0": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-flagged-obfuscation", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005"]}, {"bi": "wmi-process-create", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "process-long-cmdline", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-uses-visual-basic", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": []}, {"bi": "deleted-submitted-file", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005"]}, {"bi": "compound-vb-self-delete", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0003"]}, {"bi": "excessive-tcp-connections", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0011"]}, {"bi": "potential-registry-script-execution", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005"]}, {"bi": "powershell-invoke-expression-environment", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "registry-modification-reg", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": []}, {"bi": "powershell-invoke-expression", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "files-created-batch", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0002"]}, {"bi": "startup-folder-modification", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0003"]}, {"bi": "artifact-lnk-calls-cmd", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0002"]}, {"bi": "startup-folder-lnk-file", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0003"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-shell-default-file-handler-created", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0003"]}, {"bi": "process-check-virtualbox", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-kovter-registry", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": []}, {"bi": "service-dll-registration", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0003"]}, {"bi": "registry-script-detected", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "process-mshta-cmdline-script", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005"]}, {"bi": "registry-ie-zone-settings-modified", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005"]}, {"bi": "mshta-in-registry", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "file-handler-registration", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": ["TA0003"]}, {"bi": "pe-resource-lang-chinese", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09"], "mitre_attack_tags": ["TA0010"]}, {"bi": "network-http-numeric-ip", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-communications-http-post", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "network-private-ip-address", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3"], "mitre_attack_tags": ["TA0007"]}, {"bi": "process-hollowing-detected", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5"], "mitre_attack_tags": ["TA0005"]}, {"bi": "http-response-client-error", "hashes": ["8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "http-response-redirect", "hashes": ["2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade"], "mitre_attack_tags": []}, {"bi": "network-file-downloaded-to-disk", "hashes": ["2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca"], "mitre_attack_tags": []}, {"bi": "js-in-html-calls-activex-object", "hashes": ["4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba"], "mitre_attack_tags": ["TA0005"]}, {"bi": "html-redirect", "hashes": ["85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e"], "mitre_attack_tags": ["TA0001"]}, {"bi": "network-fast-flux-domain", "hashes": ["5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca"], "mitre_attack_tags": []}, {"bi": "network-snort-browser", "hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "mitre_attack_tags": []}, {"bi": "html-js-uses-eval", "hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "mitre_attack_tags": ["TA0005"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Kovter is known for its fileless persistence mechanism. This family of malware creates several malicious registry entries which store its malicious code. Kovter is capable of reinfecting a system, even if the file system has been cleaned of the infection. Kovter has been used in the past to spread ransomware and click-fraud malware.", "hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353", "b41c5b08a339677848f3c9c5e02e5fae3c5570c5a728bb8091b6d6f79d37e9fd", "b42f7aca8b215eadb70060c2fc2b0e65279b85044044a7c9d912607a5c8e1081", "b756f0caeb26534098c82886d92b9a2421153c4dc76d7850aca9ed7b3b812a16", "bed2fde530e41dee283efdd97b8e8db293de3d3c5925da5f714921fc8b6e94fd", "bf0b16cb6ee56dee78bf95ca669b2f774b404f21010b01ce9165f95afb98ca7c", "c7e758d68863f995ba193b6dbc8645f228a340066ad09095f3d3e3f8fde0c35a", "cb164f7f353e69ea9b842e7062eea3e43078bcfb6989c3948d3a91666b41b928", "ce7027f8dbefbb98e79cd35020cb4da812a0baa0b3b6d31e534af57086bc92a6", "da92a48b66138661a02cb744d9f3b69ccee6f005ef80a6ccc2f8d52766b7d562", "e154120bdc68dca6c69e4996bf881b77afaab6466f2f2688260fdffd0356f701", "e7228b6f08667a83acdcf33b197cad521d9f669fec8e515b8c2ef20d7f3ade37", "ecb0f1a16804d0b5ef16cf1f027c56c1eae247d7a188cc06d0146ea4f6db1498", "f1c4a5a3d93d9fab5249eef8d5fa06a04894233808e0e3d8bdd87e372d116d7a", "fcae6b46624ca096ba5e237e97e18f41d2398047ae5860125e2f26bebf06cd94"], "iocs": {"domain": [{"hashes": ["7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615"], "host": "maxcdn[.]bootstrapcdn[.]com"}, {"hashes": ["85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e"], "host": "cpanel[.]com"}, {"hashes": ["5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca"], "host": "certificates[.]godaddy[.]com"}, {"hashes": ["2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc"], "host": "crt[.]sectigo[.]com"}, {"hashes": ["6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "host": "qdrtjvht[.]cn"}], "file": [{"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "path": "%LOCALAPPDATA%\\4dd3cc"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "path": "%LOCALAPPDATA%\\4dd3cc\\519d0f.bat"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "path": "%LOCALAPPDATA%\\4dd3cc\\8e9866.8ca9d79"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "path": "%LOCALAPPDATA%\\4dd3cc\\d95adb.lnk"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\91b4e5.lnk"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "path": "%APPDATA%\\b08d66"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "path": "%APPDATA%\\b08d66\\0b3c0b.8ca9d79"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "path": "%APPDATA%\\db7a\\c227.a7783"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\f4fa\\97ea.lnk"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\f4fa\\c0ce.bat"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\f4fa\\d5a9.a7783"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\d733.lnk"}, {"hashes": ["5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90"], "path": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\.bat"}, {"hashes": ["8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90"], "path": "\\REGISTRY\\MACHINE\\SOFTWARE\\Classes\\exefile"}, {"hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660"], "path": "%APPDATA%\\904327\\acf971.5ad8d0d"}, {"hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\d23b56\\48c11b.lnk"}, {"hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\d23b56\\56341e.bat"}, {"hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\d23b56\\8ed9fe.5ad8d0d"}, {"hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\8f3c0b.lnk"}, {"hashes": ["85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e"], "path": "%APPDATA%\\ef9fd\\dc166.73309a"}, {"hashes": ["85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\00594\\249d2.73309a"}, {"hashes": ["85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\00594\\7957c.bat"}, {"hashes": ["85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\00594\\7b643.lnk"}, {"hashes": ["85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\61575.lnk"}, {"hashes": ["6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "path": "%APPDATA%\\2b7b\\8e52.5c403"}, {"hashes": ["6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\8e6f\\0197.lnk"}, {"hashes": ["6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\8e6f\\7d05.bat"}, {"hashes": ["6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "path": "%HOMEPATH%\\Local Settings\\Application Data\\8e6f\\cb29.5c403"}, {"hashes": ["6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "path": "%HOMEPATH%\\Start Menu\\Programs\\Startup\\d813.lnk"}], "ip": [{"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "195[.]66[.]169[.]214"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "193[.]89[.]27[.]38"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "82[.]26[.]6[.]183"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "110[.]19[.]168[.]112"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "205[.]74[.]243[.]98"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "175[.]129[.]208[.]52"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "75[.]78[.]164[.]64"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "129[.]131[.]39[.]141"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "202[.]80[.]190[.]29"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "2[.]92[.]35[.]198"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "78[.]174[.]172[.]25"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "157[.]249[.]101[.]131"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "50[.]76[.]35[.]183"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "108[.]61[.]180[.]5"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "89[.]115[.]171[.]148"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "33[.]237[.]143[.]29"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "68[.]197[.]76[.]18"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "39[.]92[.]225[.]165"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "50[.]185[.]184[.]107"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "216[.]28[.]85[.]142"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "74[.]50[.]14[.]5"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "102[.]220[.]95[.]104"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "88[.]29[.]104[.]209"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "179[.]52[.]109[.]188"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "217[.]42[.]217[.]105"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "83[.]37[.]64[.]230"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "87[.]104[.]116[.]119"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "154[.]69[.]67[.]215"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "33[.]117[.]178[.]242"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "121[.]254[.]197[.]88"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "78[.]80[.]70[.]150"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "178[.]121[.]133[.]29"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "138[.]102[.]127[.]116"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "26[.]180[.]168[.]227"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "165[.]137[.]27[.]243"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "188[.]110[.]158[.]3"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "215[.]175[.]147[.]15"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "64[.]137[.]69[.]200"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "168[.]76[.]113[.]44"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "57[.]118[.]33[.]156"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "141[.]5[.]129[.]38"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "165[.]134[.]245[.]134"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "188[.]110[.]67[.]179"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "26[.]148[.]223[.]20"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "4[.]122[.]211[.]246"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "211[.]75[.]70[.]132"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "109[.]249[.]44[.]39"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "83[.]232[.]77[.]171"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "37[.]42[.]223[.]1"}, {"hashes": ["9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "ip": "29[.]43[.]167[.]153"}], "mutex": [{"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "name": "EA4EC370D1E573DA"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "name": "A83BAA13F950654C"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "name": "Global\\7A7146875A8CDE1E"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "name": "B3E8F6F86CDD9D8B"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "name": "Global\\350160F4882D1C98"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "name": "053C7D611BC8DF3A"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a"], "name": "408D8D94EC4F66FC"}, {"hashes": ["85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e"], "name": "1F7768DE4B445CA4"}, {"hashes": ["85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e"], "name": "45D0E7B493967BD3"}, {"hashes": ["85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e"], "name": "Global\\BBADD150515CFAC6"}, {"hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660"], "name": "Global\\B8F225B5B0E54634"}, {"hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660"], "name": "389405CE233FA3A9"}, {"hashes": ["720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660"], "name": "2F37600C5F8C3F9D"}, {"hashes": ["6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "name": "B5169E04A784F73A"}, {"hashes": ["6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "name": "Global\\0E043F99F52ADD23"}, {"hashes": ["6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76"], "name": "28F3C9E454B2BE4D"}], "registry": [{"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": "DisableOSUpgrade"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\OSUPGRADE", "value_name": "ReservationsAllowed"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "xedvpa"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\XVYG", "value_name": "xedvpa"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\.8CA9D79", "value_name": ""}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "\u0000vrxzdhbyv"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "ssishoff"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\POLICIES\\MICROSOFT\\WINDOWS\\WINDOWSUPDATE\\OSUPGRADE", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\XVYG", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\C3B616", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\C3B616\\SHELL", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\C3B616\\SHELL\\OPEN", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\C3B616\\SHELL\\OPEN\\COMMAND", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\.8CA9D79", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "svdjlvs"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3", "1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "3d481ecedf7418ce930c8291375b043fbc3a879a01b8719b93296680d86a8162", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\XVYG", "value_name": "svdjlvs"}, {"hashes": ["1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\WOW6432NODE\\XVYG", "value_name": "lujyoqmfl"}, {"hashes": ["1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4", "2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade", "29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092", "2d1675a1e1ab54f9fedf904a3b9d81a42c96da4a044a2bda43e226050f71bfcc", "2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7", "4bf67a114270f6506f6552ac552d9b9ef5a8f3a5bc8dd16a8a8a932d4706e1ba", "4c9ab51001bd342ca1ce44e5ca4427e11006bf4499399789dc9343eaf3576e77", "506b98313e47d5437a0e0d690c40f3501314a15b46e3be245a659e3729f70258", "5547747470941e6f2b4c76ab2e811f61a0676b2112629bc45750ba5ec96007e0", "5b870a8c9b77afc82f629efb7bde9f96e8546e53122011b41336eb5553c6e4ca", "6402c25ebcf11608c1b05d27fe6642b47638d3546713766762e50d2d3d83ca09", "6a53862c999e92e936492a1bf45823aa4bf0072bcbb4b451f47870ad6c077f76", "720609e2de6c8210effaf2870d9cb2d09b11940a6806e79d23187a658379f660", "75f47542b9efdd3a8e1ae7e149fd1017db8dddd414d1abe5c877e4d33c2f51f5", "7799dafddc4a5e548d953d26ae900690445de42ced9b2cacf272291129980577", "7f16e38c960c0db1e5f5fc9324e83bef46f6c55ed8efd0c11d44d56505590615", "8252a6deb89935b6d4d28ae5e4d3309ecb13453a8c283314d2e7be1ec4953cb1", "85bea08924265155253c171276bd3258037c0deaabc0e6e5f3788bb64125344e", "8b8240abba2d007dfecff03fdf9dc46355056aec7f00e8693f07002455c821c5", "8b9c2df052ae2d6809ff2d268fd0c7cc58df677aa90d83f527f59cc1781a7c7e", "8f0e0af7ba99a4ba8e908562d084d23daa9d31ebd5d48f6990628711cd2b1c90", "9ebe5a5b6e7219498b3c869207cc5c6fe989ea7045b8beae473199de36ef935a", "a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\XVYG", "value_name": "lujyoqmfl"}, {"hashes": ["a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\WOW6432NODE\\6EDCD1ACE8E1BEB04F", "value_name": null}, {"hashes": ["a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\WOW6432NODE\\AYIWU21XG", "value_name": null}, {"hashes": ["a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\WOW6432NODE\\6EDCD1ACE8E1BEB04F", "value_name": "7627520618DA5D099"}, {"hashes": ["a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\WOW6432NODE\\AYIWU21XG", "value_name": "30CCbFnYqq"}, {"hashes": ["a657fa50766ac0c785be910723473c307f4bb9c4770f73afc94c096df8d4d353"], "key": "\\SOFTWARE\\WOW6432NODE\\AYIWU21XG", "value_name": "3WBi1nRFP"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3"], "key": "\\SOFTWARE\\WOW6432NODE\\8C019817F1D398F21", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3"], "key": "\\SOFTWARE\\WOW6432NODE\\MYSAPNBZB5", "value_name": null}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3"], "key": "\\SOFTWARE\\WOW6432NODE\\8C019817F1D398F21", "value_name": "EEDA71157F792903"}, {"hashes": ["2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7"], "key": "\\SOFTWARE\\WOW6432NODE\\D50EB5CC1AD13626", "value_name": null}, {"hashes": ["2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7"], "key": "\\SOFTWARE\\WOW6432NODE\\4PZ7ESM", "value_name": null}, {"hashes": ["2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7"], "key": "\\SOFTWARE\\WOW6432NODE\\D50EB5CC1AD13626", "value_name": "2D763433C77F0E36268"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3"], "key": "\\SOFTWARE\\WOW6432NODE\\MYSAPNBZB5", "value_name": "C3OaR9"}, {"hashes": ["019b344a8e7f3c77456904825315980c4470a207baeaf73e4b27e806d3d29cb3"], "key": "\\SOFTWARE\\WOW6432NODE\\MYSAPNBZB5", "value_name": "aOHKXI"}, {"hashes": ["2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7"], "key": "\\SOFTWARE\\WOW6432NODE\\4PZ7ESM", "value_name": "FBuFc5gT"}, {"hashes": ["2dee218bbc4b07efb543c50b6d55e3e685a4c2e57b6c4d7c059823a1ec43ece7"], "key": "\\SOFTWARE\\WOW6432NODE\\4PZ7ESM", "value_name": "Am9kh9Fa"}, {"hashes": ["1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4"], "key": "\\SOFTWARE\\WOW6432NODE\\BE5AFCAF8AAB64600", "value_name": null}, {"hashes": ["1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4"], "key": "\\SOFTWARE\\WOW6432NODE\\FCMOIC3FX", "value_name": null}, {"hashes": ["1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4"], "key": "\\SOFTWARE\\WOW6432NODE\\BE5AFCAF8AAB64600", "value_name": "E90F1166D43BC0AAD339"}, {"hashes": ["2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade"], "key": "\\SOFTWARE\\WOW6432NODE\\499CBC28D958F33C5177", "value_name": null}, {"hashes": ["2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade"], "key": "\\SOFTWARE\\WOW6432NODE\\U0QL7EWS", "value_name": null}, {"hashes": ["2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade"], "key": "\\SOFTWARE\\WOW6432NODE\\499CBC28D958F33C5177", "value_name": "3C415718D0FD3D35BF8A"}, {"hashes": ["1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4"], "key": "\\SOFTWARE\\WOW6432NODE\\FCMOIC3FX", "value_name": "Rr5DqvAEzN"}, {"hashes": ["1bb5bc698bf1c157fd1d59a93b05042191cf10faf717f4a275a65d692b47b6b4"], "key": "\\SOFTWARE\\WOW6432NODE\\FCMOIC3FX", "value_name": "pel7RtlI"}, {"hashes": ["2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade"], "key": "\\SOFTWARE\\WOW6432NODE\\U0QL7EWS", "value_name": "5X4tBdLhrJ"}, {"hashes": ["2865baa489d087b61ade44ab6dcc5cde74b460d7c6253e35df27c8ba083b2ade"], "key": "\\SOFTWARE\\WOW6432NODE\\U0QL7EWS", "value_name": "NyRDom"}, {"hashes": ["29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092"], "key": "\\SOFTWARE\\WOW6432NODE\\B0EE98C5277E61F5952E", "value_name": null}, {"hashes": ["29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092"], "key": "\\SOFTWARE\\WOW6432NODE\\98BBO1UT7W", "value_name": null}, {"hashes": ["29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092"], "key": "\\SOFTWARE\\WOW6432NODE\\B0EE98C5277E61F5952E", "value_name": "E59BBE81C5E836CBE4D0"}, {"hashes": ["29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092"], "key": "\\SOFTWARE\\WOW6432NODE\\98BBO1UT7W", "value_name": "UkgDmeiBm"}, {"hashes": ["29c170c9817f4e027bca34e4f18213e2fcd320706c626f9c5831b901b0069092"], "key": "\\SOFTWARE\\WOW6432NODE\\98BBO1UT7W", "value_name": "VYkBHuR"}]}, "reports_count": 25}, "Win.Malware.Nymaim-7602109-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": []}, {"bi": "pe-uses-armadillo", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-query-nxdomain", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": ["TA0011"]}, {"bi": "feed-domain-antivirus-service", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": []}, {"bi": "network-snort-indicator-compromise", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": []}, {"bi": "network-dns-category-new", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-public-server-contacted", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "malware-nymaim-registry", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": []}, {"bi": "possible-dga-communication", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-dns-safe-categories", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": []}, {"bi": "pe-resource-lang-arabic", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-nameserver", "hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28"], "mitre_attack_tags": ["TA0005"]}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Nymaim is malware that can be used to deliver ransomware and other malicious payloads. It uses a domain generation algorithm to generate potential command and control (C2) domains to connect to additional payloads.", "hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df", "9dbae95f6eb004dce6b0370f76b0e95d43c240e353446fc24498ae7e78dbd872", "ab06c617784db179dbbf31f9e3d6df86e896e42675114c50d0a7c5e69253aa47", "aec953779f7fb44866fb6bfd00422344460fce5137576e7f6b2f98e94535526f", "b076878cabba28f2940701a1a2abdc58075082ae11ccf3d33f52a289eb4614a3", "b94a18ad4c6b78a9e36f8eba215170e3a8878ed84388fb4a0927c307070c3e3f", "b9b578ef85412d7cbc53f5ab13526651c553d3536e7aa117b984ff8bb10db8f2", "bde8ae1c8acf7b839f22cae070946b10d514504cffbe785602afb3e9f03df9c8", "c8e51011acd2ad0660ba31bc47610b0eb0e19b9ad83fb9d7a8ca29215c665195", "cda143e6df05e03315d45e5905055af933ee866f0409f2a36606e8c131c952f1", "d9ee2d9ec289e2eb10a58a76a3f40c60a648d9b1b55f91fa3049052e518e77d2", "daaadacd13c7d9a3417074e61b548c4a4b34459ab88d8d79f4c7e00741df083a", "de209e2d8e5bd023206b249d627fda9c6fa1b28d9c327c6d009b34af9627bbd5", "e26b3ed84d066432f2c1fd45c240a11d479384505dd39d80659ce620968fa0b8", "e7820d396418de76ef9c23b44f09e3985235582c70e37127949753fa0db77de6", "ed62482dfc6d591b691e4aca14f101e8a788540b0806fd6ee35a11a9616989a9", "f71cdd6c23883c1ffbb09d818b93416dc545c7786ff88087a8a44445c9ac2911", "f7b585cc662ca1c18bd981d0f35bd763b09d61b49c1014782d2f65f7774f471a"], "iocs": {"domain": [{"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "msmumcsogb[.]com"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "xoisb[.]com"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "fhcbczook[.]com"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "vkeumq[.]net"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "cuxpehneqok[.]com"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "owirepdi[.]net"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "kmwiwxxhst[.]net"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "scsutgsikbf[.]com"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "hpneu[.]com"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "vsnoaue[.]net"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "nzkmud[.]com"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "zaljqgpthcoh[.]pw"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "sasrqtpipjfa[.]pw"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "aonibtaatpb[.]in"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "host": "klrjxmici[.]pw"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "kvowzwz[.]in"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "wkrpqmneiaq[.]pw"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "stspxcbi[.]pw"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "kunygnck[.]in"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "esqxhtdjfsy[.]net"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "dsnquebpv[.]net"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "kbicwcs[.]com"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "ehigsgoht[.]in"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "meeidu[.]in"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "mofmwfsocpdd[.]com"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "ubvjk[.]in"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "smhew[.]com"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "tqoef[.]com"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "cokizkbuyw[.]in"}, {"hashes": ["7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555"], "host": "ltsiajhm[.]net"}], "file": [{"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "path": "%ProgramData%\\ph"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "path": "%ProgramData%\\ph\\fktiipx.ftf"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "path": "%TEMP%\\gocf.ksv"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "path": "%ProgramData%\\"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "path": "%APPDATA%\\"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "path": "%LOCALAPPDATA%\\"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "path": "%TEMP%\\fro.dfx"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "path": "\\Documents and Settings\\All Users\\pxs\\pil.ohu"}, {"hashes": ["0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28"], "path": "%TEMP%\\bpnb.skg"}], "ip": [], "mutex": [{"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "name": "Local\\{369514D7-C789-5986-2D19-AB81D1DD3BA1}"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "name": "Local\\{D0BDC0D1-57A4-C2CF-6C93-0085B58FFA2A}"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "name": "Local\\{F04311D2-A565-19AE-AB73-281BA7FE97B5}"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "name": "Local\\{F6F578C7-92FE-B7B1-40CF-049F3710A368}"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "name": "Local\\{306BA354-8414-ABA3-77E9-7A7F347C71F4}"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "name": "Local\\{F58B5142-BC49-9662-B172-EA3D10CAA47A}"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "name": "Local\\{C170B740-57D9-9B0B-7A4E-7D6ABFCDE15D}"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "name": "Local\\{B888AC68-15DA-9362-2153-60CCDE3753D5}"}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "name": "Local\\{2DB629D3-9CAA-6933-9C2E-D40B0ACCAC9E}"}], "registry": [{"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "key": "\\SOFTWARE\\MICROSOFT\\GOCFK", "value_name": null}, {"hashes": ["0350f9f2984dac2a7a6770f5bf5870ad016b95d26feecde54f1dc7f6a7321c29", "0b1d7aa06898c58946bad39134dafc13439a5db0e5dc2dc40ee4553dc3d29975", "0c01e7d6a858233dd58b8b872e4893742455f50b76abff789ab29e1c483fde68", "149b63f40ca4848f1ed92a281b1b4d069b93629062bbc581564c59b8c48b047a", "149f0e351809f6cf4ad993a656ff6756dda959a8daee038be2d24fdfc8c8b007", "1d813f7e5f17acf6d2181f544c00a9e1a990ed176fb33605f0e017cac91467bd", "248e50d7d496167e3846f9093a70d875ad97c8654ae531c00b93c67d52cbb7bd", "25c352c873caa5213f0665a9ce58ea7e348d8d203377742c377ede93e8b93cd7", "26293d2fa07bbf9ed68c7d241e9b28ca4c644798d8f3fc33ef8616a6f6c74774", "2ac299dd30fe2ca31768e34b8c75134dcfbfcff6c3457e6f2ae8385822a496be", "2acf8806700ad8c0c6fa22b4fec49b63217c9be39f504feaee7de09e9bf49df8", "363144700426ca0fad29bd473528038c1341991a941986eb609b4d5083efbb28", "3b9103d8b1ea2bf26c2b8028caf6bdd9e1ad67b0e9db8b3067fd290b38c0c58f", "46e04a66e76addea2a565390ee816c56ea118681c360f736ccd220edbbd86864", "4c6902db08c7e033540304c254649849f49eebe6d91145d5d45c0fee95e2d80f", "4e1bcc088361db93034f59a5b0c96f098def9b8ccd9959157f67e410423b41d7", "526358c39c4015b12ae74212615fb4568b056f6b6a79272d71c77cab9f04aae8", "68197f9c992f00577f0a25fa16c30f51fb21c4e263108eff26fecc4dc2ad79eb", "7208ba495ff3980c1a1bc0221a5734cc27c87ce7c21fb9f4e9047bb46ce95555", "819914daa5710e05f7eca95e29810ce75b9debb4d3cc9507c1baa18749d4b96d", "83782a979f1f6d2a01c9872135f03ae220a48b405413cd8c149c1d009b4fba5b", "86928bb41c2f85970a86fc00d6f8905dec0c90306e49efb5dba681eeca92c038", "8c0d83941179966af6df1dc4d0ed5f96930e0df8f071451349ce51497d2d9aa7", "8fbc0816bd1df870987de293d24e866ff98ea18fd0f22220556ae974cc4f9f8e", "957160926bb20fec0fd05d4f50e41cc263f523616e5c27bb79a4523bdf7b96df"], "key": "\\SOFTWARE\\MICROSOFT\\GOCFK", "value_name": "mbijg"}]}, "reports_count": 25}, "Win.Malware.Trickbot-7603048-1": {"bis": [{"bi": "antivirus-flagged-artifact", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "memory-execute-readwrite", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "modified-executable", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "pe-invalid-checksum", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-communications-http-get", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0005"]}, {"bi": "suspicious-user-agent", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0011"]}, {"bi": "pe-uses-visual-basic", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-windows-task", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0002", "TA0003"]}, {"bi": "public-ip-address-identification-attempt", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0007"]}, {"bi": "unsigned-roaming-execution", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-hollowing-detected", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-imports-toolhelp", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0007"]}, {"bi": "malware-trickbot-mutex", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "task-ran-using-system-account", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": ["TA0002", "TA0003", "TA0004"]}, {"bi": "malware-trojan-trickbot", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "network-fast-flux-domain", "hashes": ["b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "mitre_attack_tags": []}, {"bi": "registry-modified-rootcerts", "hashes": ["755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba"], "mitre_attack_tags": ["TA0011", "TA0006", "TA0005"]}, {"bi": "http-response-redirect", "hashes": ["755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "mitre_attack_tags": []}], "category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Trickbot is a banking trojan targeting sensitive information for certain financial institutions. This malware is frequently distributed through malicious spam campaigns. Many of these campaigns rely on downloaders for distribution, such as VB scripts.", "hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "iocs": {"domain": [{"hashes": ["755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "host": "myexternalip[.]com"}, {"hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a"], "host": "ip[.]anysrc[.]net"}, {"hashes": ["6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a"], "host": "ipinfo[.]io"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a"], "host": "elb097307-934924932[.]us-east-1[.]elb[.]amazonaws[.]com"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a"], "host": "api[.]ipify[.]org"}, {"hashes": ["67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "host": "wtfismyip[.]com"}, {"hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "host": "ipecho[.]net"}, {"hashes": ["84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c"], "host": "checkip[.]us-east-1[.]prod[.]check-ip[.]aws[.]a2z[.]com"}, {"hashes": ["84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c"], "host": "checkip[.]amazonaws[.]com"}, {"hashes": ["903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56"], "host": "icanhazip[.]com"}, {"hashes": ["c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "host": "apps[.]digsigtrust[.]com"}, {"hashes": ["c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "host": "apps[.]identrust[.]com"}], "file": [{"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "path": "%APPDATA%\\winapp\\Modules"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "path": "%System32%\\Tasks\\services update"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "path": "%APPDATA%\\winapp\\client_id"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "path": "%APPDATA%\\winapp\\group_tag"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "path": "%APPDATA%\\winapp"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "path": "%APPDATA%\\WINAPP\\.exe"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "path": "%SystemRoot%\\Tasks\\services update.job"}], "ip": [{"hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "ip": "216[.]239[.]32[.]21"}, {"hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "ip": "216[.]239[.]34[.]21"}, {"hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a"], "ip": "116[.]203[.]16[.]95"}, {"hashes": ["b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c"], "ip": "195[.]62[.]52[.]96"}, {"hashes": ["67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3"], "ip": "194[.]87[.]92[.]113"}, {"hashes": ["67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3"], "ip": "67[.]21[.]90[.]106"}, {"hashes": ["b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "ip": "216[.]239[.]38[.]21"}, {"hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1"], "ip": "216[.]239[.]36[.]21"}, {"hashes": ["c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a"], "ip": "87[.]121[.]76[.]172"}, {"hashes": ["67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "ip": "69[.]195[.]159[.]158"}, {"hashes": ["755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c"], "ip": "91[.]219[.]28[.]58"}, {"hashes": ["903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56"], "ip": "104[.]20[.]17[.]242"}, {"hashes": ["7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644"], "ip": "191[.]7[.]30[.]30"}, {"hashes": ["c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "ip": "192[.]35[.]177[.]64"}, {"hashes": ["c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a"], "ip": "51[.]254[.]164[.]249"}, {"hashes": ["c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a"], "ip": "84[.]238[.]198[.]166"}, {"hashes": ["887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba"], "ip": "67[.]21[.]90[.]109"}, {"hashes": ["6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871"], "ip": "91[.]219[.]28[.]80"}, {"hashes": ["9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96"], "ip": "193[.]124[.]117[.]189"}, {"hashes": ["6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871"], "ip": "194[.]87[.]144[.]16"}, {"hashes": ["c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "ip": "185[.]86[.]150[.]89"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e"], "ip": "34[.]192[.]250[.]175"}, {"hashes": ["755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94"], "ip": "37[.]59[.]183[.]142"}, {"hashes": ["f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "ip": "107[.]181[.]246[.]213"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e"], "ip": "54[.]225[.]159[.]35"}, {"hashes": ["755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94"], "ip": "54[.]225[.]71[.]235"}, {"hashes": ["84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30"], "ip": "18[.]235[.]112[.]207"}, {"hashes": ["9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96"], "ip": "72[.]211[.]215[.]68"}, {"hashes": ["b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084"], "ip": "67[.]21[.]90[.]105"}, {"hashes": ["b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084"], "ip": "23[.]23[.]156[.]18"}, {"hashes": ["c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a"], "ip": "195[.]2[.]253[.]234"}, {"hashes": ["c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a"], "ip": "54[.]225[.]66[.]103"}, {"hashes": ["c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479"], "ip": "82[.]118[.]17[.]251"}, {"hashes": ["dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c"], "ip": "18[.]233[.]90[.]151"}], "mutex": [{"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "name": "Global\\VLock"}, {"hashes": ["0734537582744df9451325031e9e8731642f668eccf59befd64edb7bc8fafe7e", "6689bd8590bd31ff3527c49b5b11679264a1b9b10849dcc66cbe6900478eb871", "67f0429ee85995d64131c87b6838e69ca53aa9e7b25d3ada30c97dab269ba7cd", "7180b1814adf4ede4bdab8b9c61c81af3b170cdbcc12ad847f47690e2e526644", "755a16e14820e83967b4b3e21f238fbd0a161032d1f6e837c21a1059678c1e94", "84f89b0fd428f6932f1053d6456cddb2545f4de476e55029d410f1808fbf2a30", "887e3e74d1c5d39a5bc52544fdb246b2c715068eb699cec7ad7adbe0c41afcba", "903ac66acff8f25f7990d205cece0c3be4cf19782b81ef25dba48eb3d8deaf56", "91894e74967a409a1237940d4e2c6bbe76399dedf57c771cb558aa12cfa5e3d1", "9363dc1d3c9b8a07f523624f55707ce3c0d1723dad1efbbfe3f515008601cb96", "b2103964af0368affa8fba5d7f6d240f4da2be650082498cfd7748c345275084", "b892a452a962407b340e01b761b37a33e75a5dcfd06df33f24c6f12af68f88a3", "c0189f5e94156e85176424967870b93eaadf3c56d6f37c71186aadb774e6339a", "c5f3bde9423af4d58282c14cf1b38ee6dd71982def8c3f6182ce1b75ecfda479", "d94c6866a52bb26ed7b15e72f4ee8d762876a29a2e9efa6875aaf85899d49d0c", "dc47b07c0dafe93644c39795780bb3f73727fa1b9d18f45e6e5aa6445eebfa0c", "e2e0f5369df5a08b124098492de660aba4bdfbeb08fbe8af1ed86e165a45782a", "f04cda7271ff361471a8dc27f9d6de94255df35c15842fa65e030f27077d6ebd"], "name": "SafeGuard"}], "registry": []}, "reports_count": 18}, "Win.Packed.Bifrost-7603033-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "08541f2d74b94ca3f90b039d2525340448b71460899b368aa1ee15bfc0d54390", "16588e48147f6ef7182fa47399c520c95b559d11e69749027d16f7c6cb127725", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "9620adde046b1ad8291d817e5b06c7eaeda4b5db457e5c5541cfac83806c049d", "76d71fad336a1082358567a0c5ef949bc4748397ab1258327673c316e1820c84", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "03558014784b043450fb11acd7fe1a8a8582f8b663766a8019053c76ef7215c5", "13e9c893b0135a03ec67f4dbbb43e59981a35989777eff4477bce63a7fe49727", "61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a", "b8f1c8dcef8270105cae8058740b64dea319f284c20bbcc1a0640b011d6784ea", "b81853affa6b46779eb7024f5bc388ed406d337a1913f4b15788e6e54e969dc1", "3ee1fa6daec1659e53d238dda830f6c344f65b32ea3c90c9b441a92b5d4b8b78", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "26401cc5346770c7023dee159079637155a6292f096bc0fa47cf91b74a927570", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91", "9b8f14dea7b8f6f88606f2451fe8c0e51dd029aa95180e2e08e4f7833405e104"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "08541f2d74b94ca3f90b039d2525340448b71460899b368aa1ee15bfc0d54390", "16588e48147f6ef7182fa47399c520c95b559d11e69749027d16f7c6cb127725", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "9620adde046b1ad8291d817e5b06c7eaeda4b5db457e5c5541cfac83806c049d", "76d71fad336a1082358567a0c5ef949bc4748397ab1258327673c316e1820c84", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "03558014784b043450fb11acd7fe1a8a8582f8b663766a8019053c76ef7215c5", "13e9c893b0135a03ec67f4dbbb43e59981a35989777eff4477bce63a7fe49727", "61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a", "b8f1c8dcef8270105cae8058740b64dea319f284c20bbcc1a0640b011d6784ea", "b81853affa6b46779eb7024f5bc388ed406d337a1913f4b15788e6e54e969dc1", "3ee1fa6daec1659e53d238dda830f6c344f65b32ea3c90c9b441a92b5d4b8b78", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "26401cc5346770c7023dee159079637155a6292f096bc0fa47cf91b74a927570", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91", "9b8f14dea7b8f6f88606f2451fe8c0e51dd029aa95180e2e08e4f7833405e104"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "08541f2d74b94ca3f90b039d2525340448b71460899b368aa1ee15bfc0d54390", "16588e48147f6ef7182fa47399c520c95b559d11e69749027d16f7c6cb127725", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "9620adde046b1ad8291d817e5b06c7eaeda4b5db457e5c5541cfac83806c049d", "76d71fad336a1082358567a0c5ef949bc4748397ab1258327673c316e1820c84", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "03558014784b043450fb11acd7fe1a8a8582f8b663766a8019053c76ef7215c5", "13e9c893b0135a03ec67f4dbbb43e59981a35989777eff4477bce63a7fe49727", "61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a", "b8f1c8dcef8270105cae8058740b64dea319f284c20bbcc1a0640b011d6784ea", "b81853affa6b46779eb7024f5bc388ed406d337a1913f4b15788e6e54e969dc1", "3ee1fa6daec1659e53d238dda830f6c344f65b32ea3c90c9b441a92b5d4b8b78", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "26401cc5346770c7023dee159079637155a6292f096bc0fa47cf91b74a927570", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91", "9b8f14dea7b8f6f88606f2451fe8c0e51dd029aa95180e2e08e4f7833405e104"], "mitre_attack_tags": []}, {"bi": "excessive-foreign-memory-modification", "hashes": ["97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "08541f2d74b94ca3f90b039d2525340448b71460899b368aa1ee15bfc0d54390", "16588e48147f6ef7182fa47399c520c95b559d11e69749027d16f7c6cb127725", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "9620adde046b1ad8291d817e5b06c7eaeda4b5db457e5c5541cfac83806c049d", "76d71fad336a1082358567a0c5ef949bc4748397ab1258327673c316e1820c84", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "03558014784b043450fb11acd7fe1a8a8582f8b663766a8019053c76ef7215c5", "13e9c893b0135a03ec67f4dbbb43e59981a35989777eff4477bce63a7fe49727", "61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a", "b8f1c8dcef8270105cae8058740b64dea319f284c20bbcc1a0640b011d6784ea", "b81853affa6b46779eb7024f5bc388ed406d337a1913f4b15788e6e54e969dc1", "3ee1fa6daec1659e53d238dda830f6c344f65b32ea3c90c9b441a92b5d4b8b78", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "26401cc5346770c7023dee159079637155a6292f096bc0fa47cf91b74a927570", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91", "9b8f14dea7b8f6f88606f2451fe8c0e51dd029aa95180e2e08e4f7833405e104"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-uses-visual-basic", "hashes": ["97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "08541f2d74b94ca3f90b039d2525340448b71460899b368aa1ee15bfc0d54390", "16588e48147f6ef7182fa47399c520c95b559d11e69749027d16f7c6cb127725", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "9620adde046b1ad8291d817e5b06c7eaeda4b5db457e5c5541cfac83806c049d", "76d71fad336a1082358567a0c5ef949bc4748397ab1258327673c316e1820c84", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "03558014784b043450fb11acd7fe1a8a8582f8b663766a8019053c76ef7215c5", "13e9c893b0135a03ec67f4dbbb43e59981a35989777eff4477bce63a7fe49727", "61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a", "b8f1c8dcef8270105cae8058740b64dea319f284c20bbcc1a0640b011d6784ea", "b81853affa6b46779eb7024f5bc388ed406d337a1913f4b15788e6e54e969dc1", "3ee1fa6daec1659e53d238dda830f6c344f65b32ea3c90c9b441a92b5d4b8b78", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "26401cc5346770c7023dee159079637155a6292f096bc0fa47cf91b74a927570", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91", "9b8f14dea7b8f6f88606f2451fe8c0e51dd029aa95180e2e08e4f7833405e104"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "08541f2d74b94ca3f90b039d2525340448b71460899b368aa1ee15bfc0d54390", "16588e48147f6ef7182fa47399c520c95b559d11e69749027d16f7c6cb127725", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "9620adde046b1ad8291d817e5b06c7eaeda4b5db457e5c5541cfac83806c049d", "76d71fad336a1082358567a0c5ef949bc4748397ab1258327673c316e1820c84", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "03558014784b043450fb11acd7fe1a8a8582f8b663766a8019053c76ef7215c5", "13e9c893b0135a03ec67f4dbbb43e59981a35989777eff4477bce63a7fe49727", "61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a", "b8f1c8dcef8270105cae8058740b64dea319f284c20bbcc1a0640b011d6784ea", "b81853affa6b46779eb7024f5bc388ed406d337a1913f4b15788e6e54e969dc1", "3ee1fa6daec1659e53d238dda830f6c344f65b32ea3c90c9b441a92b5d4b8b78", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "26401cc5346770c7023dee159079637155a6292f096bc0fa47cf91b74a927570", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91", "9b8f14dea7b8f6f88606f2451fe8c0e51dd029aa95180e2e08e4f7833405e104"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-bifrost-default-mutex-detected", "hashes": ["97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "16588e48147f6ef7182fa47399c520c95b559d11e69749027d16f7c6cb127725", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "9620adde046b1ad8291d817e5b06c7eaeda4b5db457e5c5541cfac83806c049d", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "13e9c893b0135a03ec67f4dbbb43e59981a35989777eff4477bce63a7fe49727", "61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a", "b81853affa6b46779eb7024f5bc388ed406d337a1913f4b15788e6e54e969dc1", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91"], "mitre_attack_tags": []}, {"bi": "process-hollowing-detected", "hashes": ["97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "76d71fad336a1082358567a0c5ef949bc4748397ab1258327673c316e1820c84", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "b8f1c8dcef8270105cae8058740b64dea319f284c20bbcc1a0640b011d6784ea", "3ee1fa6daec1659e53d238dda830f6c344f65b32ea3c90c9b441a92b5d4b8b78", "26401cc5346770c7023dee159079637155a6292f096bc0fa47cf91b74a927570", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "b8f1c8dcef8270105cae8058740b64dea319f284c20bbcc1a0640b011d6784ea", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500"], "mitre_attack_tags": ["TA0005"]}, {"bi": "modified-file-in-user-dir", "hashes": ["a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1"], "mitre_attack_tags": []}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Bifrost is a backdoor with more than 10 variants. Bifrost uses the typical server, server builder, and client backdoor program configuration to allow a remote attacker, who uses the client, to execute arbitrary code on the compromised machine. Bifrost contains standard RAT features including a file manager, screen capture utility, keylogging, video recording, microphone and camera monitoring, and a process manager. Bifrost uses a mutex that may be named \"Bif1234,\" or \"Tr0gBot\" as signs that it's been successful. ", "hashes": ["03558014784b043450fb11acd7fe1a8a8582f8b663766a8019053c76ef7215c5", "08541f2d74b94ca3f90b039d2525340448b71460899b368aa1ee15bfc0d54390", "0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b", "13e9c893b0135a03ec67f4dbbb43e59981a35989777eff4477bce63a7fe49727", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "16588e48147f6ef7182fa47399c520c95b559d11e69749027d16f7c6cb127725", "26401cc5346770c7023dee159079637155a6292f096bc0fa47cf91b74a927570", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91", "3ee1fa6daec1659e53d238dda830f6c344f65b32ea3c90c9b441a92b5d4b8b78", "4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "76d71fad336a1082358567a0c5ef949bc4748397ab1258327673c316e1820c84", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "9620adde046b1ad8291d817e5b06c7eaeda4b5db457e5c5541cfac83806c049d", "97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "9b8f14dea7b8f6f88606f2451fe8c0e51dd029aa95180e2e08e4f7833405e104", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "b81853affa6b46779eb7024f5bc388ed406d337a1913f4b15788e6e54e969dc1", "b8f1c8dcef8270105cae8058740b64dea319f284c20bbcc1a0640b011d6784ea", "ba6cf9c907a7945fac6becc2e5fbd48a8dd599415aaa54f1ca9e82c15b384395", "c1a66f3e898e80c9bd3e442feb5cff38f56dc7004f351760e75b46e6173f07c0", "c72d1b166cbf4ab8cbd18eb057fe1bbd441a6dea6afcc10a2ae0093be0998584", "c7bb7c0c27d21f8936d07bd8c91395667c96bd2e39884be69963bc94f7ec3da6", "c7d8abe66c6814d4ff5526418580a01e3ef89ab516500bce382ca8d6d1645b5b", "c7e9774b3fbb419522a4a1ae6e47c744f39680df59ac2477ae7b2dbbdc221a3a", "ca89e3795a2ceb89a5b5b2b818279f71c1bea0930946dd06d4e47476ae6cbf8c", "d22f2fccaf1cf21c78eaa03eda262dbaf073396d030cc794abe546fe11a0695a", "dc6f00485db2650c3337da4c530a1932625f61cd7353fadd5a77db29b9b0ed20", "dea2ba46f9e36eb4a7241ba436c027766f1aae3d083388282237385eb001f947", "e888543b2ed150c555ced520961e3cb8264409034ce0aa3f53304fd15196b435", "ec57d2c7d244b281cf54df27709eea908043f150592e59b0e8a30d147f4ed84a"], "iocs": {"domain": [{"hashes": ["4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a"], "host": "hh[.]servecounterstrike[.]com"}, {"hashes": ["29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500"], "host": "dzalgerdz[.]no-ip[.]org"}], "file": [{"hashes": ["03558014784b043450fb11acd7fe1a8a8582f8b663766a8019053c76ef7215c5", "16588e48147f6ef7182fa47399c520c95b559d11e69749027d16f7c6cb127725", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e"], "path": "%ProgramFiles%\\Bifrost\\server.exe"}, {"hashes": ["29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193"], "path": "%System32%\\Bifrost\\server.exe"}, {"hashes": ["154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e"], "path": "%APPDATA%\\addons.dat"}, {"hashes": ["0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b"], "path": "%SystemRoot%\\Bifrost\\server.exe"}, {"hashes": ["154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b"], "path": "%ProgramFiles%\\Java\\java.exe"}, {"hashes": ["76d71fad336a1082358567a0c5ef949bc4748397ab1258327673c316e1820c84"], "path": "%ProgramFiles%\\ \\explorer.exe"}, {"hashes": ["4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a"], "path": "%System32%\\skype\\sytem.exe"}, {"hashes": ["97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415"], "path": "%System32%\\drivers\\win3r.exe"}, {"hashes": ["9b8f14dea7b8f6f88606f2451fe8c0e51dd029aa95180e2e08e4f7833405e104"], "path": "%System32%\\system\\wimsn.exe"}], "ip": [{"hashes": ["4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a"], "ip": "79[.]210[.]124[.]47"}, {"hashes": ["61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a"], "ip": "50[.]22[.]169[.]26"}], "mutex": [{"hashes": ["0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b", "13e9c893b0135a03ec67f4dbbb43e59981a35989777eff4477bce63a7fe49727", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "16588e48147f6ef7182fa47399c520c95b559d11e69749027d16f7c6cb127725", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "2daced6a63c11b3399b36c23214d73e026cff2907b559c288db2a03e7ca7da57", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91", "54b54ca691dde91cf1f3e1db60eea375ea280d100dc6a5f5ea1c3b39cc4ef7f1", "61071881d3e077cbb87783faf73532e7dbca80c3252d1a398d96da0818dacc2a", "68fa9c845333388e4f2f44aa79db05c0fc10c91ebcce819f6959feec7a3ccce3", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "9620adde046b1ad8291d817e5b06c7eaeda4b5db457e5c5541cfac83806c049d", "97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e", "b81853affa6b46779eb7024f5bc388ed406d337a1913f4b15788e6e54e969dc1"], "name": "Bif1234"}, {"hashes": ["03558014784b043450fb11acd7fe1a8a8582f8b663766a8019053c76ef7215c5", "0edb3da0e2cae96a8cffb48f8f5655fd039b01c7d2d79272232202f959d1af6b", "154e008a36ace894fb97b5e3738cfa0055d0fed2004f67e954c438812d20cc3b", "29456dcc06e1d342c9d6c6afa5f7a445839853395e5cb624c44f1fd9b5390500", "3159696d5d368ad8d214b668556c8cc8071e7a83331c7812f893af9125de092b", "32e9d1f5e0764c7471775247ad0b06680980f9db491b92281de56e93d1594c91", "4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a", "83f1bd6ff8de246bdf3b8e5a7549f26eed7a5dbcce9156ca12601ff7f7b0db55", "8e95da958f0e5beae769d9adf0bd523a4cba0a97abebee99d51642a0c484a193", "97dc870dd36389d74e9f77c725f513654c62b7152a5f18387dfb8e6c300e2415", "a51c89aa132abce4937e32d57a2d9903e507a89a1c696767164d6a33ce3eb28e"], "name": "0ok3s"}, {"hashes": ["76d71fad336a1082358567a0c5ef949bc4748397ab1258327673c316e1820c84"], "name": "explore"}, {"hashes": ["03558014784b043450fb11acd7fe1a8a8582f8b663766a8019053c76ef7215c5"], "name": "shhhhd"}, {"hashes": ["9b8f14dea7b8f6f88606f2451fe8c0e51dd029aa95180e2e08e4f7833405e104"], "name": "run"}, {"hashes": ["4d94d1641c75b880e31dbb5948c8727f82858c56480a8ed1832bedebc0cceb1a"], "name": "dll"}], "registry": []}, "reports_count": 25}, "Win.Packed.Tofsee-7603095-1": {"bis": [{"bi": "pe-encrypted-section", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "memory-execute-readwrite", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "modified-executable", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "registry-service-with-autostart-created", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0003"]}, {"bi": "currentcontrolset-service-added", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0002", "TA0003"]}, {"bi": "process-long-cmdline", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-domain", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "network-communications-smtp", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "dns-query-nxdomain", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "network-snort-protocol", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "network-smtp-spambot", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "feed-domain-rat", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "process-requested-named-pipe", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "deleted-submitted-file", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-svchost-suspicious-launch", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "cmd-exe-file-execution", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0002"]}, {"bi": "malware-compound-cta-activity", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "sc-service-start", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0002", "TA0003"]}, {"bi": "netbios-null-domain", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "file-alternate-data-stream-modification", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-tofsee-cmd-detected", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "netsh-firewall-generic", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "sc-service-create", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0003"]}, {"bi": "file-alternate-data-stream-creation", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "new-service-launched", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0002", "TA0003"]}, {"bi": "registry-windows-defender-exclusions-added", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-bypassed-assigned-server", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "netsh-firewall-add", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "pe-header-timestamp-future", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "windows-utility-downloaded-artifact", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "dns-excessive-domain-queries", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-smtp-spambot-v2", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "network-dns-category-file-storage", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "listening-port-opened", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "localhost-ipaddress-detected", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "registry-large-data-entry", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-excessive-domain-queries-mx", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-dns-category-harmful", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0007"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "network-snort-server", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "network-dns-category-parked-domain", "hashes": ["28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "network-http-non-standard-port", "hashes": ["28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "suspicious-user-agent", "hashes": ["0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-snort-sensitive-data", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "dns-public-server-contacted", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-opendns-malicious", "hashes": ["28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "altered-sample-dns-flagged", "hashes": ["28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-category-webspam", "hashes": ["28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "nginx-webserver-detected", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "excessive-dns-query-nxdomain", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "network-dns-category-phishing", "hashes": ["28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "mitre_attack_tags": []}, {"bi": "malware-known-trojan-av", "hashes": ["0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact-cta", "hashes": ["0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "mitre_attack_tags": []}, {"bi": "netbios-query", "hashes": ["f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0010"]}, {"bi": "network-communications-http-post", "hashes": ["28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "network-snort-indicator-compromise", "hashes": ["28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5"], "mitre_attack_tags": []}, {"bi": "network-dns-category-adware", "hashes": ["223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c"], "mitre_attack_tags": []}, {"bi": "url-not-found", "hashes": ["1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c"], "mitre_attack_tags": []}, {"bi": "detected-trojan-added-as-service", "hashes": ["223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e"], "mitre_attack_tags": ["TA0005"]}, {"bi": "potential-registry-script-execution", "hashes": ["12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121"], "mitre_attack_tags": []}, {"bi": "js-calls-activex-object", "hashes": ["12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121"], "mitre_attack_tags": ["TA0005"]}, {"bi": "dns-dynamic-domain", "hashes": ["0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "mitre_attack_tags": ["TA0011", "TA0005"]}], "category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Tofsee is multi-purpose malware that features a number of modules used to carry out various activities such as sending spam messages, conducting click fraud, mining cryptocurrency, and more. Infected systems become part of the Tofsee spam botnet and are used to send large volumes of spam messages in an effort to infect additional systems and increase the overall size of the botnet under the operator's control.", "hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "4b321eb9bc66432459da95c3a2ef22f9dc8357a069622bd02a27e3776dddbe5a", "50097438c57ce8b6977734e3cd7231c02776971c5c3ece0c69c70c8b4f9e4e78", "52376a208926f0a1dd2fa3a9db7ac1ddba9e20e2a54e5f713b6ca81dda8f1045", "52ec885d76764d10d06a417c925dee23794ce2a451886d52d6ae757860f15fe0", "59c2f653ac78c762e385653b26dfd57c18a56ffba5f27d542b9684e87425e564", "5a4f5c5ee4b6b7a47377aeead22b31d9ba5a0072869791aa13cf4c0c018ca62e", "5a6601a15bd7eb25519782fda1938a1244c89dff2e00cd72980a6669a9b12202", "5c0eb4e52853164151448dfee900536564ba50ccadc96d492ce5d342812868cd", "5c3bc2d7691baf26d60f8fed1d093eaa9311be19738446096267d8a5bc7eb3f4", "68153036d8ac9adcd9f4f08188e1eead15965951b3788637e0ca9715dc9d1eb7", "68ec813e5bd7ee7c7d4972fa4e574fd27e4dac73bb68354eab6992e7cb8330f4", "698c562ad4b2574352762d1828de2a8a6940b07d248e19535ca235a53f1bb9f5", "6de7bb605fb03d7dee875886ac268eeabf6b9b7e0e15d283fba970679ddf4b70", "712f0628522fd89313db5b8fcc5de661da65ba5d68bb6fe53c0856d01c004db8", "731151229a939934e339b832066cf13ed8593b02401ccb72c9127abdbfaf8d88", "77382d0d6d8068e44489671c25ba6a0596a29f66279164f9b67c8f7ac0349bcd", "77a4c80d48db72934535a8eb3ba61a3be6764b90efe127c59e16b2a4a3472c35", "7ce008536ab133fb6f6460da99fb7beef0738223724254962b8b147696362f93", "83bd4b719388924d3fff43dd7e04f9fd5820af4383bc6fee2718775757712b1e", "864d1471e90e42afa94e24e7c4d90e3fd0022f78a6d285a9a783e3c05be4aa2b", "8aadaf3c8ac27d5b269446697b5b4f3484b26486892c30461af74f114c4ecfbc", "8d356200474d79f9875a903e0063c72dab9d01b186ed48163ec14e96c12e3d2a", "8f4cdbf05dd13828e568b2293fef841d6485eb6f6c12854dd24c9b047fa6ac1e", "907eb6e33df4d73adcbd7830cca80bfafecd3338e26627044e197a4be910bb20", "952d2300a49c21a5065df8c62ec8606d1d37a13aac9377eba8f362b85adbb0e1", "95cb668d91060b542e647a8342c6cf2af8536ecf2e893d660428c57a3d2d63f1", "986b88d409f8fac106f051c00c166f54a3facbb10b8a1f785a591524b6ae03f5", "98cb5731dffd0926efbf34256217edc6dd94ac9ab3b78057137cb8947b8dcaaf", "9d41e8b829395efab69733c4021db1b43a35073f9a622f6e541a86a30f552882", "a28d1ef36e1a7d797f787368b0fbdbe462f0884a4c94cf4f7834a234274af238", "a3388e70bfd477097eed2bf262ceba37f0da5b84d87ef95c0e9391c68b376bda", "a8f1dde043da717d1f8fdd84d032cb6d291c801d7123f9ee7e925ad83d1e478c", "a9df1c90d0f6ec392c2ced049716ef61878dec7127c65772f6c9f7a95000128e", "aa8d7a3aab0210d214ad0de2fe2aae552fb26d22cadf2f8d187465c117fbe481", "aef7380eac1f75666ce8759f4e26ec66436af02ba10cbd2bb62048b953023190", "b08909105199fadfc49f89fa845a98df4ac1ab51a655423e0a942ac7b1e358dc", "b1192fc740e186b3fcf5e0982845d805aa0b2efe006e4b168b441bac57523593", "b26e4bc9d606b397daa4c15e04b77d497ce8ea73f15308aad3b8855399c5bc4b", "b5a7c19c6c8c1dd8d11e131f13de30b0ccb417eb23519b2d8d754c488b48c5ce", "b5eb05da43803ebf8a1dc0c69afe2fef90426883cfaaac69fb721fb0ec804f55", "b6f9f04ed010e8a74d4259af9242c8ad2b119c1a069a0278f6a782a083b01202", "b9fca9e5ac468fad4d9ec7782d05c23c87807849b6349d04607fcb63a6b2497f", "baf3868444c4d3f68069b960b46c7d4ad40323cfafcddd859befcc7f2891f338", "bb533f79740137a73274083bce7865db38a0ffb86c0134a828bdb54ae51a981f", "c3983f9141c7fb258793056383ebc8f6154cb465fd91f1147c20e01990d41fa3", "c590b5109bafc35ddf8c1b079573a3c33daccc111c64f64cf28b544849f9b040", "cbbb873c530e63fbef67ecb73970c83108ce1ab3f88cac10d1ddc4df5cb40334", "cbe41441167e5f648b5a898b90e5a19be55309858bf2f60aa7122ae2d924babb", "cf31d4cf1765a292410c391f9e97f1416caaf866f2a1f2b3ea549fba40f1105a", "d0501a301ab7650ee2cff4943ee8aae79ac3107cd0e0b24f82e4b1f0c251fba3", "d0e2d2746431d904d7eb9b0c350cc4689dbe20e3fae9200d3ca42fdacd592b3e", "d2c055c33e169e331318e1a1bca600de0de5cd01c1f1ec0620485ea7e2e1f619", "d2c4fd605e2284b5c3222a75ab701b678b5041c9fd8b8535e23b429d971d09c0", "d7157e1e389b33dc8f8bbb510b24dc769d35c163bbebbf486b5a1fd0f707d19a", "d7dc4b61404eaa1c7887eb027dba650db48a51ce8958ea28dc78f0f17eb60fc5", "da1acc8357abdbf986c52fb1b58ce456ad979985d40176430a251a711feb425c", "dc61db7f9e46fc64d4ebf0551fd10d2e86a56b069faba6b63253186b3978d1ab", "dcbde622139df467544432560127125402480e46a6c0f3ce58e3d072fecf4e95", "df6ba713b0fab1ab44faef8dac19fd648db86ebb8ec3d22e03021c2b90877404", "e1839302cb3fdad233183bdc80f98eae68da3ed31301d0d202a2792133ab801c", "e5e926c58f1a91d6264c1cce7b8a696b7afea59d2a43c22cad1ff48cd7715120", "e9616e0f3b4c036fc7999630f02ad0ca6347ae673eabdda81dea681770a8bc2b", "eaf6eb7fb8c3ffdb9ff08a205467dcbadfa473b0a055a4ef3e0dba77e7e54c35", "eb37645e29aa1cdc1f37e1c0c93e7b72a837c2369c9424041cbac7c630eb58bb", "ec1573fc384d4a0fe2f644888af1bae1bdb7b7884d6374793c86cd73bd547775", "f038c45049e18bc2a3bbce6adacadf68b624b91842ef9ec4a34052fedc20cdb8", "f1d5d98bfc4e516ca10ef869189ee91fda67d5c049dbc75dd2c3b0c41bf75ed0", "f22b94293da2dbfcda3ee8692b565eed906d294b4be9849a57a7e09d59da492b", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559", "f3393103a39f2e936ca98f66794d408f77f07c7a4eb5021ed56891941b150d29", "f6d3f7e6d5d160349133ed2190dad09d1004297ae32cc992929fd2852df94575", "ff1f9859efecfa305391de2d164382b1350d2c58d2b9c2be3705da9903b546ef", "fff5edb4754c987eb81de9b85e376c51d6899551cc6d1fbf18b2d0bceaf24130"], "iocs": {"domain": [{"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "microsoft-com[.]mail[.]protection[.]outlook[.]com"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "252[.]5[.]55[.]69[.]in-addr[.]arpa"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "schema[.]org"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "whois[.]iana[.]org"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "whois[.]arin[.]net"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "bestladies[.]cn"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "bestdates[.]cn"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "bestgirlsdates[.]cn"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "252[.]5[.]55[.]69[.]zen[.]spamhaus[.]org"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "252[.]5[.]55[.]69[.]bl[.]spamcop[.]net"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "252[.]5[.]55[.]69[.]sbl-xbl[.]spamhaus[.]org"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "252[.]5[.]55[.]69[.]cbl[.]abuseat[.]org"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "252[.]5[.]55[.]69[.]dnsbl[.]sorbs[.]net"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "hotmail-com[.]olc[.]protection[.]outlook[.]com"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "www[.]google[.]co[.]uk"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "sex-finder4you1[.]com"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "eur[.]olc[.]protection[.]outlook[.]com"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "ipinfo[.]io"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "www[.]google[.]ru"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "auth[.]riotgames[.]com"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "msn-com[.]olc[.]protection[.]outlook[.]com"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "msn[.]com"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "mta6[.]am0[.]yahoodns[.]net"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb"], "host": "hanmail[.]net"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "mx0a-001b2d01[.]pphosted[.]com"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb"], "host": "mx1[.]hanmail[.]net"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "mx-eu[.]mail[.]am0[.]yahoodns[.]net"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "hotmail[.]fr"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "mx-aol[.]mail[.]gm0[.]yahoodns[.]net"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "hotmail[.]de"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb"], "host": "public-ubiservices[.]ubi[.]com"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d"], "host": "myibc[.]com"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "hotmail[.]co[.]uk"}, {"hashes": ["0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b"], "host": "mx6[.]earthlink[.]net"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "mta5[.]am0[.]yahoodns[.]net"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "www[.]google[.]com[.]ua"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "video-weaver[.]fra05[.]hls[.]ttvnw[.]net"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "mxs[.]mail[.]ru"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa"], "host": "nam[.]olc[.]protection[.]outlook[.]com"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "aol[.]com"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311"], "host": "smtp[.]secureserver[.]net"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "msx-smtp-mx1[.]hinet[.]net"}, {"hashes": ["05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "libero[.]it"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "host": "msa[.]hinet[.]net"}, {"hashes": ["0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b"], "host": "tiscalinet[.]it"}, {"hashes": ["05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "smtp-in[.]libero[.]it"}, {"hashes": ["0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772"], "host": "api[.]pr-cy[.]ru"}, {"hashes": ["0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "mx1[.]ig[.]correio[.]biz"}, {"hashes": ["0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "host": "ig[.]com[.]br"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa"], "host": "mx1[.]emailsrvr[.]com"}], "file": [{"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "path": "%SystemRoot%\\SysWOW64\\config\\systemprofile:.repos"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "path": "%TEMP%\\.exe"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "path": "%SystemRoot%\\SysWOW64\\"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "path": "%System32%\\.exe (copy)"}, {"hashes": ["0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8"], "path": "%TEMP%\\wvlhokp.exe"}, {"hashes": ["370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa"], "path": "%TEMP%\\poeahdi.exe"}], "ip": [{"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "43[.]231[.]4[.]7"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "69[.]55[.]5[.]252"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "85[.]114[.]134[.]88"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "46[.]4[.]52[.]109"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "192[.]0[.]47[.]59"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "46[.]28[.]66[.]2"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "78[.]31[.]67[.]23"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "188[.]165[.]238[.]150"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "93[.]179[.]69[.]109"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "176[.]9[.]114[.]177"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "12[.]167[.]151[.]116/31"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "172[.]253[.]63[.]94"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "173[.]194[.]204[.]26/31"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb"], "ip": "67[.]195[.]204[.]72/30"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "104[.]47[.]54[.]36"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "172[.]217[.]7[.]227"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "157[.]240[.]18[.]174"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "64[.]233[.]186[.]26/31"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "172[.]217[.]197[.]26/31"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311"], "ip": "98[.]136[.]96[.]76/31"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "172[.]217[.]7[.]132"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb"], "ip": "216[.]239[.]32[.]21"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "216[.]239[.]34[.]21"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb"], "ip": "211[.]231[.]108[.]46"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "148[.]163[.]156[.]1"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "67[.]195[.]228[.]110/31"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "104[.]47[.]17[.]161"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d"], "ip": "192[.]0[.]56[.]69"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "216[.]239[.]38[.]21"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb"], "ip": "104[.]47[.]12[.]33"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "99[.]181[.]79[.]2"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311"], "ip": "213[.]205[.]33[.]62/31"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "98[.]136[.]96[.]74/31"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6"], "ip": "98[.]136[.]96[.]92/31"}, {"hashes": ["0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "192[.]0[.]56[.]111"}, {"hashes": ["0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb"], "ip": "216[.]239[.]36[.]21"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "104[.]16[.]119[.]50"}, {"hashes": ["05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "ip": "104[.]47[.]17[.]97"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "104[.]47[.]13[.]33"}, {"hashes": ["0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "213[.]209[.]1[.]129"}, {"hashes": ["0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "177[.]153[.]23[.]241"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "188[.]125[.]72[.]74"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "94[.]100[.]180[.]104"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa"], "ip": "172[.]217[.]13[.]67"}, {"hashes": ["0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "104[.]44[.]194[.]232/30"}, {"hashes": ["0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "ip": "98[.]137[.]159[.]24/30"}, {"hashes": ["0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b"], "ip": "208[.]76[.]51[.]51"}, {"hashes": ["0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b"], "ip": "216[.]146[.]35[.]35"}, {"hashes": ["0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b"], "ip": "208[.]76[.]50[.]50"}], "mutex": [], "registry": [{"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": null}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": null}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "Type"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "Start"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "ErrorControl"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "DisplayName"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "WOW64"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "ObjectName"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "Description"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config0"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config1"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config3"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\.DEFAULT\\CONTROL PANEL\\BUSES", "value_name": "Config2"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081", "0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b", "0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8", "12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa", "1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6", "27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa", "37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed"], "key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\", "value_name": "ImagePath"}, {"hashes": ["0232e76cabc4c09b8191691e41ffd0cc2b9f1a88c762128cd179998148a5d111", "1e1769e2f970bc0b1c1d5d46ec4922c6de04e86ca5741a5007378ad18574d583", "34e436d8a2f7af8dfc8e5e90ba44536983849aa398058de2be70ca8c87d54133", "4161ceee9fcc738a00cbddfaba624b29484aab3376a14a9c3539d321e26a14cb"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\jcqwvdjy"}, {"hashes": ["0054ae6df8395634c36f1a99f4b4df3edd3ca28e515b90a3a3eb30e0808bc640", "3a400bef1869adb2525b641f1f7425fd882a26df1b1533ce56c66729461ab311", "41bdc0e1616182febe37864cff2f7fd011615b33796e5443ef7fad0f497eb924"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\haoutbhw"}, {"hashes": ["12e14f7b0a204406116cc09ceea2c1b4d8f08feca9e2d6e7dd12c10916681121", "1426700dc20043556efa4c1c8c269117e1a1d09c7ca991f7bff0f63ba0db91a5", "f281cbe2b291991deeac50aae25b66e36a53680af268ecae15b51a40a385a559"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\kdrxwekz"}, {"hashes": ["164c4890fff93d7cb73b341c111d911022500ee9da52450f97b2f68f8106fd2c", "28c25b55f98a02762851825a7c1748f70ed5426fd80431c7bd5dcc6d340b849b", "3fec44d6ea7f776d9446b54e3acd858af66713177fe216cde91441069c85d9ed"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\mftzygmb"}, {"hashes": ["1997d4dda81bf4b308fbade5e162f5854c384c5e9cf0f7681e0c77ab9a60a772", "223f7e305d45ea14fb64b89ef9c16389325070c95eae48a30d31b421f3535df6"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\exlrqyet"}, {"hashes": ["006fe42eaaadf87e7ce537f1c2b2a9930a2cfa8cf5ec44a87c221b3f7ab1f9c1", "0890de225e6d85aad88e5f99da81acb5a11148586eb39d02bf0a9fb9daf0525b"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\buionvbq"}, {"hashes": ["0b4fef0e6e222e43c42fed0bbdd300e997f7811a952dc1ff8a01f01500634412", "370a67967f9728399e59a6bf28697bef6272e3ecbf1800ec0f0dab7df9961caa"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\dwkqpxds"}, {"hashes": ["0dbc8d645507f63e94d6d66646bd33c27a5e3b1409941453b6dc85b3fffe6cf8"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\gzntsagv"}, {"hashes": ["37aa3e2ae08143083f21cbfaf8477d8b2def9bec4e219732387d91c102bb5e0d"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\nguazhnc"}, {"hashes": ["1417719dfd0bc1acfbb76e86b3113759165e66e8e22062f27b173cdb8a7679fa"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\zsgmltzo"}, {"hashes": ["0875682d36433cb0e7ac2d6fa0e6938189937260e150680b0b97c5c55efe73ac"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\slzfemsh"}, {"hashes": ["27bb321ef817b127f2f49c38d65811432dae5d940e32b9fc2d54234cbc63071e"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\vocihpvk"}, {"hashes": ["1e0a9bca0a83e65ecd1a2b5752adf0795abec4109b6b61434d53ba42b393b40c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\fymsrzfu"}, {"hashes": ["05279b3deda1fd52dff2cda7700bcf0856584a25ed6f43eb9171ad60b943c081"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS DEFENDER\\EXCLUSIONS\\PATHS", "value_name": "C:\\Windows\\SysWOW64\\qjxdckqf"}]}, "reports_count": 26}, "Win.Ransomware.Nemty-7603722-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "31dccda43edcd3002ceb8f7cbc68bd749309ba953e592a48da0cf45b8d482d0b", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784", "232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "bd4a8ff85771eb162655f05317ec893041abf532b4b1a7313c9d86e0f4ad6bb5", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a", "f730d7caf3e44c1429cb7bbabeb2d801c4f49f100c834b26eb4fab8d72528a98", "211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c", "21264886ed27cea1812b312ff85d2262b72e8af026dc290da8214e1e8960972b"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "excessive-foreign-memory-modification", "hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "31dccda43edcd3002ceb8f7cbc68bd749309ba953e592a48da0cf45b8d482d0b", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784", "232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "bd4a8ff85771eb162655f05317ec893041abf532b4b1a7313c9d86e0f4ad6bb5", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a", "f730d7caf3e44c1429cb7bbabeb2d801c4f49f100c834b26eb4fab8d72528a98", "211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c", "21264886ed27cea1812b312ff85d2262b72e8af026dc290da8214e1e8960972b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "pe-uses-visual-basic", "hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "31dccda43edcd3002ceb8f7cbc68bd749309ba953e592a48da0cf45b8d482d0b", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784", "232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "bd4a8ff85771eb162655f05317ec893041abf532b4b1a7313c9d86e0f4ad6bb5", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a", "f730d7caf3e44c1429cb7bbabeb2d801c4f49f100c834b26eb4fab8d72528a98", "211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c", "21264886ed27cea1812b312ff85d2262b72e8af026dc290da8214e1e8960972b"], "mitre_attack_tags": []}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "31dccda43edcd3002ceb8f7cbc68bd749309ba953e592a48da0cf45b8d482d0b", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784", "232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "bd4a8ff85771eb162655f05317ec893041abf532b4b1a7313c9d86e0f4ad6bb5", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a", "f730d7caf3e44c1429cb7bbabeb2d801c4f49f100c834b26eb4fab8d72528a98", "211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c", "21264886ed27cea1812b312ff85d2262b72e8af026dc290da8214e1e8960972b"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-of-self", "hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784", "232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "bd4a8ff85771eb162655f05317ec893041abf532b4b1a7313c9d86e0f4ad6bb5", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a", "211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-fast-flux-domain", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "31dccda43edcd3002ceb8f7cbc68bd749309ba953e592a48da0cf45b8d482d0b", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c", "232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a", "21264886ed27cea1812b312ff85d2262b72e8af026dc290da8214e1e8960972b"], "mitre_attack_tags": []}, {"bi": "network-only-safe-domains-contacted", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "31dccda43edcd3002ceb8f7cbc68bd749309ba953e592a48da0cf45b8d482d0b", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784", "f730d7caf3e44c1429cb7bbabeb2d801c4f49f100c834b26eb4fab8d72528a98", "21264886ed27cea1812b312ff85d2262b72e8af026dc290da8214e1e8960972b"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c", "232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a", "211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "network-dns-category-file-storage", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "31dccda43edcd3002ceb8f7cbc68bd749309ba953e592a48da0cf45b8d482d0b", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784", "f730d7caf3e44c1429cb7bbabeb2d801c4f49f100c834b26eb4fab8d72528a98", "21264886ed27cea1812b312ff85d2262b72e8af026dc290da8214e1e8960972b"], "mitre_attack_tags": []}, {"bi": "antivirus-flagged-artifact", "hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a", "211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c"], "mitre_attack_tags": []}, {"bi": "registry-modified-rootcerts", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784", "f730d7caf3e44c1429cb7bbabeb2d801c4f49f100c834b26eb4fab8d72528a98"], "mitre_attack_tags": ["TA0011", "TA0006", "TA0005"]}, {"bi": "modified-executable", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "created-executable-in-user-dir", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "modified-file-in-user-dir", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "feed-domain-antivirus-service", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0003"]}, {"bi": "modified-file-in-program-dir", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "http-response-client-error", "hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": []}, {"bi": "dns-query-nxdomain", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "file-ini-read", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": []}, {"bi": "http-response-redirect", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": []}, {"bi": "file-ini-modified", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": ["TA0003"]}, {"bi": "nginx-webserver-detected", "hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a"], "mitre_attack_tags": []}, {"bi": "network-file-uploaded", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": ["TA0010"]}, {"bi": "network-communications-http-post", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "windows-vault-api", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": ["TA0006"]}, {"bi": "files-created-vbs", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": ["TA0002"]}, {"bi": "vbs-calls-shell", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-formbook-mutex-detected", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": []}, {"bi": "desktop-screenshot", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": ["TA0009"]}, {"bi": "network-explorer-process", "hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": ["TA0011", "TA0005"]}, {"bi": "network-fast-flux-nameserver", "hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c", "bd4a8ff85771eb162655f05317ec893041abf532b4b1a7313c9d86e0f4ad6bb5"], "mitre_attack_tags": []}, {"bi": "network-opendns-malicious", "hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "sample-launched-copy-domain-flagged", "hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-dns-category-parked-domain", "hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": []}, {"bi": "network-snort-policy", "hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": []}, {"bi": "modified-file-on-usb", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0011"]}, {"bi": "excessive-file-modifications", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-entropy", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "malware-generic-ransomware-backup-del", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "feed-domain-ransomware", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "wmic-shadowcopy-delete", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0002", "TA0040"]}, {"bi": "microsoft-block-rule-list-app-executed", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "malware-generic-ransomware", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "bcdedit-disable-recovery", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "wbadmin-file-deletion-detected", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0040"]}, {"bi": "bcdedit-ignore-failure", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "dns-excessive-domain-queries", "hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "mitre_attack_tags": ["TA0011"]}, {"bi": "antivirus-service-flagged-artifact-mid", "hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "mitre_attack_tags": []}, {"bi": "artifact-flagged-anomaly", "hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-windows-script-launched", "hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "process-requested-named-pipe", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": ["TA0004", "TA0005"]}, {"bi": "registry-autorun-key-data-dir", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": ["TA0003"]}, {"bi": "excessive-sample-duplication", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": ["TA0005", "TA0003"]}, {"bi": "pe-imports-toolhelp", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": ["TA0007"]}, {"bi": "startup-folder-modification", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": ["TA0003"]}, {"bi": "command-deleted-shadow-copy", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": ["TA0005"]}, {"bi": "recycler-file-creation", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": ["TA0005"]}, {"bi": "deleted-executable-in-program-dir", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": []}, {"bi": "malware-ransomware-phobos-mutex", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": []}, {"bi": "recycler-exe-creation", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "mitre_attack_tags": ["TA0005"]}, {"bi": "powershell-encoded-buffer", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0005", "TA0002"]}, {"bi": "process-long-cmdline", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "netbios-query", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "network-snort-malware", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "public-ip-address-identification-attempt", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0007"]}, {"bi": "feed-public-ip-check-dns", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": []}, {"bi": "cmd-exe-file-execution", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0002"]}, {"bi": "excessive-process-creates", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0002"]}, {"bi": "process-with-multiple-children", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "net-service-stop", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0002"]}, {"bi": "command-resized-shadow-copy", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "process-taskkill", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0005"]}, {"bi": "files-deleted-used-vbs", "hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "mitre_attack_tags": ["TA0005"]}], "category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Nemty is ransomware that encrypts files and demands payment in Bitcoin for files to be recovered.", "hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c", "21264886ed27cea1812b312ff85d2262b72e8af026dc290da8214e1e8960972b", "232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225", "31dccda43edcd3002ceb8f7cbc68bd749309ba953e592a48da0cf45b8d482d0b", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c", "bd4a8ff85771eb162655f05317ec893041abf532b4b1a7313c9d86e0f4ad6bb5", "f730d7caf3e44c1429cb7bbabeb2d801c4f49f100c834b26eb4fab8d72528a98", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784"], "iocs": {"domain": [{"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]hugedomains[.]com"}, {"hashes": ["232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a", "bd4a8ff85771eb162655f05317ec893041abf532b4b1a7313c9d86e0f4ad6bb5"], "host": "securepasswel[.]ru"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "host": "api[.]ipify[.]org"}, {"hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225"], "host": "data-vocabulary[.]org"}, {"hashes": ["232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e"], "host": "balancer[.]wixdns[.]net"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "host": "www[.]namebright[.]com"}, {"hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225"], "host": "miowweb[.]gr"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "host": "api[.]db-ip[.]com"}, {"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "host": "doc-0o-28-docs[.]googleusercontent[.]com"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "host": "www[.]somebodydial911[.]com"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "host": "www[.]prefre[.]com"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "host": "www[.]slacktracks[.]info"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "host": "www[.]befitbehealthybeyou[.]com"}, {"hashes": ["9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674"], "host": "doc-0o-2k-docs[.]googleusercontent[.]com"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "host": "www[.]showshow[.]club"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]eleumedia[.]com"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]spiritindosolo[.]com"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "host": "www[.]worstig[.]com"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]baiyuetongxun[.]com"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "host": "www[.]illuminatiam666[.]world"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]jackiesj[.]com"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "host": "www[.]vierhimmelsrichtungen[.]com"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]zlateprase[.]com"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "host": "www[.]wide-saddle[.]com"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]barayehfarda[.]com"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]vinoblay[.]com"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "host": "www[.]deliverydream[.]com"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]thepavtrust[.]com"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "host": "doc-00-0s-docs[.]googleusercontent[.]com"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]sdy188[.]com"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "doc-0k-0s-docs[.]googleusercontent[.]com"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]partyand[.]party"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "host": "www[.]jijigames[.]com"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "host": "nemty11[.]hk"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "host": "fmglogistics-my[.]sharepoint[.]com"}, {"hashes": ["211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c"], "host": "neuplastlcs[.]com"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "host": "www[.]autoaccessorieshub[.]com"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "host": "gggvcg[.]sn[.]files[.]1drv[.]com"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "host": "www[.]fallbrookfarmboys[.]com"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "host": "www[.]circcountry[.]com"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "host": "www[.]simelautomazioni[.]com"}, {"hashes": ["211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c"], "host": "www[.]fabinx[.]com"}, {"hashes": ["211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c"], "host": "faew[.]ink"}, {"hashes": ["211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c"], "host": "www[.]faew[.]ink"}, {"hashes": ["232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e"], "host": "www[.]demoschool[.]online"}, {"hashes": ["232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e"], "host": "www[.]homesweethomes[.]biz"}, {"hashes": ["4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a"], "host": "i2ehr[.]com"}, {"hashes": ["4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a"], "host": "www[.]i2ehr[.]com"}, {"hashes": ["bd4a8ff85771eb162655f05317ec893041abf532b4b1a7313c9d86e0f4ad6bb5"], "host": "www[.]steadyodds[.]com"}, {"hashes": ["bd4a8ff85771eb162655f05317ec893041abf532b4b1a7313c9d86e0f4ad6bb5"], "host": "www[.]szlswh[.]com"}], "file": [{"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "path": "\\$Recycle.Bin\\\\$.txt"}, {"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "path": "\\$Recycle.Bin\\S-1-5-21-2580483871-590521980-3826313501-500\\desktop.ini.id[98B68E3C-2275].[checkcheck07@qq.com].Adame"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\subfolder1\\filename1.exe"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\subfolder1\\filename1.vbs"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "path": "%HOMEPATH%\\Subla\\Mot1.exe"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "path": "%HOMEPATH%\\Subla\\Mot1.vbs"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "path": "%HOMEPATH%\\ecstas\\Toxino7.exe"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "path": "%HOMEPATH%\\ecstas\\Toxino7.vbs"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%APPDATA%\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Desktop\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Documents\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Downloads\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Favorites\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Favorites\\Windows Live\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Links\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Local Settings\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\NetHood\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\PrintHood\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Recent\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Saved Games\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Searches\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\SendTo\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Start Menu\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Templates\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\subfolder1\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%PUBLIC%\\Downloads\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%PUBLIC%\\Libraries\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%PUBLIC%\\Music\\Sample Music\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%PUBLIC%\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%PUBLIC%\\Pictures\\Sample Pictures\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%PUBLIC%\\Recorded TV\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%PUBLIC%\\Recorded TV\\Sample Media\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%PUBLIC%\\Videos\\Sample Videos\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%LOCALAPPDATA%\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%APPDATA%\\Microsoft\\Windows\\Cookies\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%APPDATA%\\Microsoft\\Windows\\Network Shortcuts\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%APPDATA%\\Microsoft\\Windows\\Printer Shortcuts\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%APPDATA%\\Microsoft\\Windows\\Recent\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%APPDATA%\\Microsoft\\Windows\\SendTo\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%APPDATA%\\Microsoft\\Windows\\Templates\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Music\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\My Documents\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Pictures\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "path": "%HOMEPATH%\\Videos\\NEMTY_U1XTAJZ-DECRYPT.txt"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "path": "%HOMEPATH%\\opm\\lib.exe"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "path": "%HOMEPATH%\\opm\\lib.vbs"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "path": "%ProgramFiles(x86)%\\Dyhll7bm\\msepk.exe"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "path": "%TEMP%\\Dyhll7bm\\msepk.exe"}], "ip": [{"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784"], "ip": "172[.]217[.]7[.]238"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "ip": "23[.]20[.]239[.]12"}, {"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "ip": "172[.]217[.]9[.]193"}, {"hashes": ["9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "ip": "172[.]217[.]7[.]206"}, {"hashes": ["21264886ed27cea1812b312ff85d2262b72e8af026dc290da8214e1e8960972b", "31dccda43edcd3002ceb8f7cbc68bd749309ba953e592a48da0cf45b8d482d0b", "a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "ip": "13[.]107[.]42[.]12/31"}, {"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "f730d7caf3e44c1429cb7bbabeb2d801c4f49f100c834b26eb4fab8d72528a98", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784"], "ip": "172[.]217[.]7[.]174"}, {"hashes": ["232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e", "4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a"], "ip": "170[.]250[.]53[.]240"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "ip": "205[.]144[.]171[.]155"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "ip": "192[.]0[.]78[.]25"}, {"hashes": ["4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a"], "ip": "184[.]168[.]221[.]66"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "ip": "50[.]63[.]202[.]39"}, {"hashes": ["232573e18d3f45b5b9a9abb50e09eb67ffe2e049d63dd602f411d46b02f18f2e"], "ip": "185[.]230[.]60[.]211"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "ip": "146[.]66[.]113[.]187"}, {"hashes": ["2c2635859e5436830913c41981130ca02b9ff1f91f6149702af84243f42ac225"], "ip": "138[.]201[.]168[.]29"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "ip": "81[.]19[.]186[.]167"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "ip": "3[.]234[.]181[.]234"}, {"hashes": ["31dccda43edcd3002ceb8f7cbc68bd749309ba953e592a48da0cf45b8d482d0b"], "ip": "40[.]90[.]22[.]187"}, {"hashes": ["21264886ed27cea1812b312ff85d2262b72e8af026dc290da8214e1e8960972b"], "ip": "40[.]90[.]22[.]188"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "ip": "23[.]21[.]50[.]37"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "ip": "63[.]250[.]41[.]107"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "ip": "172[.]217[.]7[.]193"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "ip": "104[.]26[.]5[.]15"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "ip": "162[.]213[.]253[.]192"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "ip": "31[.]220[.]121[.]73"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "ip": "103[.]72[.]146[.]121"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "ip": "41[.]185[.]8[.]172"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "ip": "156[.]243[.]20[.]220"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "ip": "63[.]250[.]37[.]110"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "ip": "13[.]107[.]136[.]9"}, {"hashes": ["211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c"], "ip": "91[.]235[.]116[.]180"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "ip": "104[.]27[.]173[.]5"}, {"hashes": ["211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c"], "ip": "74[.]50[.]60[.]147"}, {"hashes": ["211c8a29f76ac8521b51ba578764c2c22a18472c4bcc5e19f7e321951243b97c"], "ip": "63[.]250[.]42[.]168"}, {"hashes": ["4036eef611df5fafcff1ea69bd37bffb2b0b091b6421100c671aa40b7d807f8a"], "ip": "81[.]170[.]200[.]164"}], "mutex": [{"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "name": "8-3503835SZBFHHZ"}, {"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "name": "Global\\<>98B68E3C00000000"}, {"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "name": "Global\\<>98B68E3C00000001"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "name": "K41BS5D2301JFDHG"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "name": "S-1-5-21-2580483-10603899367670"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "name": "6Q9114S7BUVv1I9Z"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "name": "L157BD647S7vKCZY"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "name": "S-1-5-21-2580483-10602865790989"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "name": "S-1-5-21-2580483-888606054490"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "name": "S-1-5-21-2580483-10602417393080"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "name": "da mne pohui chto tebe tam bol'no... dlya menya veshica i ne bolee..."}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "name": "S-1-5-21-2580483-14842513634586"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "name": "S-1-5-21-2580483-1924291306070"}], "registry": [{"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520", "9ea864bf39f23d4115db192bdddda486c9ac67bd74ac0320900cdb75d048d674", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30", "f730d7caf3e44c1429cb7bbabeb2d801c4f49f100c834b26eb4fab8d72528a98", "fdbc0107fa0fa6923e0caa39bdbb2e04c72134879ac845ecc6992301d2fc5784"], "key": "\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE", "value_name": "Blob"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\INTELLIFORMS\\STORAGE2", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA FIREFOX", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA FIREFOX\\20.0.1 (EN-US)\\MAIN", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9375CFF0413111D3B88A00104B2A6676", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9375CFF0413111D3B88A00104B2A6676\\00000001", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9375CFF0413111D3B88A00104B2A6676\\00000002", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9375CFF0413111D3B88A00104B2A6676\\00000003", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\0A0D020000000000C000000000000046", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\13DBB0C8AA05101A9BB000AA002FC45A", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\33FD244257221B4AA4A1D9E6CACF8474", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\3517490D76624C419A828607E2A54604", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\4C8F4917D8AB2943A2B2D4227B0585BF", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\5309EDC19DC6C14CBAD5BA06BDBDABD9", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\82FA2A40D311B5469A626349C16CE09B", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\8503020000000000C000000000000046", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9207F3E0A3B11019908B08002B2A56C2", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\9E71065376EE7F459F30EA2534981B83", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\A88F7DCF2E30234E8288283D75A65EFB", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\C02EBC5353D9CD11975200AA004AE40E", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\D33FC3B19A738142B2FC0C56BD56AD8C", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\DDB0922FC50B8D42BE5A821EDE840761", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\DF18513432D1694F96E6423201804111", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\ECD15244C3E90A4FBD0588A41AB27C55", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\F86ED2903A4A11CFB57E524153480001", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS MESSAGING SUBSYSTEM\\PROFILES\\OUTLOOK\\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\\CALENDAR SUMMARY", "value_name": null}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d", "af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f", "b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\WOW6432NODE\\MOZILLA\\MOZILLA THUNDERBIRD", "value_name": null}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Startup key"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Redn3"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "BX4H_RU"}, {"hashes": ["b51d82b498581119a661400c90e9dc0b6cb15ba011f0fe55aa2e0bc4b6f64f30"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Hore"}, {"hashes": ["af8f4b4b4cefaf594499c086483b94a43efc151cfe102f04bdb2451beeda269f"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER\\RUN", "value_name": "LRTPUNCP"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "key": "\\SOFTWARE\\NEMTY", "value_name": "fid"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "key": "\\SOFTWARE\\NEMTY", "value_name": "pbkey"}, {"hashes": ["bcaf8b9b2ad9a86c500055a3d4879ab37ecf475dd459a1781e586dbba4f1209c"], "key": "\\SOFTWARE\\NEMTY", "value_name": "cfg"}, {"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "19c731e47c4b6b8a82dbc332fd85250c"}, {"hashes": ["1d65adf3d53d2e6a7967de17f625d0556f0821958816637c60f76940e4c28520"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "19c731e47c4b6b8a82dbc332fd85250c"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Nap9"}, {"hashes": ["a6421d2ffa3af855b46ccf0c2d9ba0c763ef16f8c80c41a7dc74412e4787217d"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "IPPH9R5HHNY"}]}, "reports_count": 15}, "Win.Trojan.Gh0stRAT-7603864-1": {"bis": [{"bi": "memory-execute-readwrite", "hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "b49b9e9f1457c63665a8e58d4f09a4811b0fa7733f650d163b87d686f4326203", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "2737d0c8ab41b5bf6abf457fb940b7a4f8f90c7688600a4df87fbdb654623779", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b", "550d6397943cd525439a0d62c79459519d29438f1b1fcfddbbf2eb4a48660e63"], "mitre_attack_tags": ["TA0005", "TA0004"]}, {"bi": "antivirus-service-flagged-artifact", "hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "b49b9e9f1457c63665a8e58d4f09a4811b0fa7733f650d163b87d686f4326203", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "2737d0c8ab41b5bf6abf457fb940b7a4f8f90c7688600a4df87fbdb654623779", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b", "550d6397943cd525439a0d62c79459519d29438f1b1fcfddbbf2eb4a48660e63"], "mitre_attack_tags": []}, {"bi": "cta-static-analyzer-malicious", "hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "b49b9e9f1457c63665a8e58d4f09a4811b0fa7733f650d163b87d686f4326203", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "2737d0c8ab41b5bf6abf457fb940b7a4f8f90c7688600a4df87fbdb654623779", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b", "550d6397943cd525439a0d62c79459519d29438f1b1fcfddbbf2eb4a48660e63"], "mitre_attack_tags": []}, {"bi": "pe-section-execute-writable", "hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "b49b9e9f1457c63665a8e58d4f09a4811b0fa7733f650d163b87d686f4326203", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "2737d0c8ab41b5bf6abf457fb940b7a4f8f90c7688600a4df87fbdb654623779", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b", "550d6397943cd525439a0d62c79459519d29438f1b1fcfddbbf2eb4a48660e63"], "mitre_attack_tags": ["TA0005"]}, {"bi": "hook-installed", "hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "b49b9e9f1457c63665a8e58d4f09a4811b0fa7733f650d163b87d686f4326203", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "2737d0c8ab41b5bf6abf457fb940b7a4f8f90c7688600a4df87fbdb654623779", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b", "550d6397943cd525439a0d62c79459519d29438f1b1fcfddbbf2eb4a48660e63"], "mitre_attack_tags": ["TA0006", "TA0003", "TA0004"]}, {"bi": "pe-uses-armadillo", "hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "b49b9e9f1457c63665a8e58d4f09a4811b0fa7733f650d163b87d686f4326203", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "2737d0c8ab41b5bf6abf457fb940b7a4f8f90c7688600a4df87fbdb654623779", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b", "550d6397943cd525439a0d62c79459519d29438f1b1fcfddbbf2eb4a48660e63"], "mitre_attack_tags": ["TA0005"]}, {"bi": "antivirus-flagged-artifact", "hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b"], "mitre_attack_tags": []}, {"bi": "registry-autorun-key-modified", "hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b"], "mitre_attack_tags": ["TA0003"]}, {"bi": "malware-gh0st-rat-mutex-detected", "hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b"], "mitre_attack_tags": []}, {"bi": "network-communications-http-get", "hashes": ["d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d"], "mitre_attack_tags": ["TA0011", "TA0010"]}, {"bi": "network-only-safe-domains-contacted", "hashes": ["d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d"], "mitre_attack_tags": []}, {"bi": "network-http-blank-user-agent", "hashes": ["d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d"], "mitre_attack_tags": ["TA0011"]}, {"bi": "excessive-tcp-connections", "hashes": ["699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b"], "mitre_attack_tags": ["TA0011"]}, {"bi": "pe-dos-header-pages", "hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b"], "mitre_attack_tags": ["TA0005"]}, {"bi": "artifact-flagged-anomaly", "hashes": ["d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "b49b9e9f1457c63665a8e58d4f09a4811b0fa7733f650d163b87d686f4326203"], "mitre_attack_tags": ["TA0005"]}, {"bi": "network-private-ip-address", "hashes": ["cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3"], "mitre_attack_tags": ["TA0007"]}, {"bi": "html-script-prefix-suffix", "hashes": ["d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81"], "mitre_attack_tags": []}], "category": "Trojan", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Gh0stRAT is a well-known family of remote access trojans designed to provide an attacker with complete control over an infected system. Capabilities include monitoring keystrokes, collecting video footage from the webcam, and uploading/executing follow-on malware. The source code for Gh0stRAT has been publicly available on the Internet for years, significantly lowering the barrier for actors to modify and reuse the code in new attacks.", "hashes": ["2737d0c8ab41b5bf6abf457fb940b7a4f8f90c7688600a4df87fbdb654623779", "550d6397943cd525439a0d62c79459519d29438f1b1fcfddbbf2eb4a48660e63", "60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "b49b9e9f1457c63665a8e58d4f09a4811b0fa7733f650d163b87d686f4326203", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565"], "iocs": {"domain": [{"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "host": "ip[.]aa2[.]cn"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "host": "whois[.]aa2[.]cn"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "host": "www[.]1182[.]org"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "host": "site[.]aa2[.]cn"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "host": "beian[.]aa2[.]cn"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "host": "fl[.]aa2[.]cn"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "host": "www[.]aa2[.]cn"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "host": "pr[.]aa2[.]cn"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "host": "link[.]aa2[.]cn"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "host": "www[.]jqgcw[.]com"}], "file": [], "ip": [{"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "ip": "103[.]45[.]105[.]244"}, {"hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b"], "ip": "101[.]200[.]58[.]177"}, {"hashes": ["ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565"], "ip": "117[.]78[.]50[.]197"}, {"hashes": ["699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee"], "ip": "112[.]74[.]75[.]143"}, {"hashes": ["ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019"], "ip": "210[.]222[.]25[.]223"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d"], "ip": "117[.]168[.]99[.]164"}, {"hashes": ["b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e"], "ip": "118[.]125[.]192[.]112"}, {"hashes": ["8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b"], "ip": "60[.]190[.]216[.]225"}, {"hashes": ["da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b"], "ip": "113[.]214[.]1[.]34"}, {"hashes": ["e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109"], "ip": "69[.]165[.]69[.]98"}], "mutex": [{"hashes": ["9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063"], "name": "127.0.0.1"}, {"hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b"], "name": "101.200.58.177"}, {"hashes": ["ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565"], "name": "117.78.50.197"}, {"hashes": ["699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee"], "name": "112.74.75.143"}, {"hashes": ["ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019"], "name": "210.222.25.223"}, {"hashes": ["cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3"], "name": "192.168.99.25"}, {"hashes": ["b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e"], "name": "118.125.192.112"}, {"hashes": ["8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b"], "name": "60.190.216.225"}, {"hashes": ["a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d"], "name": "w1464642840.f3322.org"}, {"hashes": ["d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81"], "name": "www.cq52.top"}, {"hashes": ["e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b"], "name": "xiaoxinzadan.gicp.net"}, {"hashes": ["da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b"], "name": "113.214.1.34"}, {"hashes": ["e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109"], "name": "69.165.69.98"}], "registry": [{"hashes": ["60d7cae08475fb78cab77e09df43468cc0f6d2f01f847fc7582f56731672b0e8", "699d3462c7c71c5bf0ad9c2dfc15faceb7d4858d2d0c341c9e18c27398718a40", "8f3642fef8a0f84c1615efd6e3b90e26fcb8907d9a6e4904d2587dacd741932b", "9d2c079618d2b3cbaa4c022048da451ecf0148fbae4cf41f8f19c363e9c23736", "a9722843aa8d6b1b5a5e5400556c57b9cc31bf5a216bb5b458ce9241e818469d", "ac0ad4dc0abc6563b1ed7dc14703d2b77dfc606cffe875776c1167a95d6faba8", "ac1807117ea4b5221dad637a8891e567849473d15cdfe49856d38877e1463019", "b3ca2156cb96fb2d609bcf2b31080884d9a5621a3e1973c5338be746aec8317e", "b927b88cb9fb216b54b307fbf9d90fe6189af102d6b2b65a6e82ec1ee8cb7d7b", "c353e7a5e14c1aecae9d044da58c51daa0446118bbda54bc58777e9f39cdbfee", "cc2f2e01b07ea319cf4d5953bcf96c2c58ec218a4d0090b968291977d2e5b5f3", "d43226aa4cba93b5bee9797da90d9a703c209cc8188693f93a603fdb60340063", "d8b1847f025c2d48f775099421979c788816a1ea2c527f3c16f28aad1bc12d81", "da7cd6233482da9114bf51bd6fb42825d4f4a044c4239a6e267d2134eb21282b", "e1ce464fd9c93969082c215d2358e6fb3e84e173fdaf36b1b1ddf6918a949109", "e333a3c187ceea41f37e91b83dd79b5b6de3d96dfaa4dd76b9f5c9689683206b", "fede423fee4e77f708b95fb3e6efc2262e333fc295b1576f7f5b3163b053b565"], "key": "\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "SelfRunDemo"}]}, "reports_count": 20}, "exprev": [{"count": 3886, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP) request. Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 189, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 120, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 117, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 95, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 73, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 59, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 13, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 12, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}, {"count": 10, "description": "A process associated with Microsoft Office, such as EXCEL.exe or WINWORD.exe, has started a Windows utility such as powershell.exe or cmd.exe. This is typical behavior of malicious documents executing additional scripts. This behavior is extremely suspicious and is associated with many malware different malware campaigns and families.", "name": "A Microsoft Office process has started a windows utility."}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2020-03-06T13:52:34+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Dropper.Emotet-7600941-0", "Win.Downloader.Upatre-7601201-0", "Win.Malware.Kovter-7601670-0", "Win.Malware.Trickbot-7603048-1", "Win.Malware.Nymaim-7602109-1", "Win.Packed.Bifrost-7603033-1", "Win.Packed.Tofsee-7603095-1", "Win.Ransomware.Nemty-7603722-1", "Win.Trojan.Gh0stRAT-7603864-1"]}