{"Doc.Downloader.Emotet-6826494-0": {"category": "Downloader", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Emotet is a banking trojan that has remained relevant due to its continual evolution to bypass antivirus products.", "hashes": ["02961b9b1846411364a0c00b6546aeaceec7e7156a89662ae81a2223c9a612ca", "0acd52e7f92f125d8fec5d78db296ee3c88079456dfb66b84fa92be944dc1293", "11d52b1ee5c330911ed98ba86a4560c67cba2bd70427c8d33a0b793ddeb5c11e", "16ef10e1f741ca1cb22b657dda69b7d15e6c016a667602fb8fe825b5846eb4b5", "175b20d5f2079f86b1fe4ef91d5a84ce3fb71939b3c8297e4de6587875dca6d5", "18c74f2852985acd6a5b35d21d12e8e852d54003b4e5d3714243e045969c434f", "1a4dc5022a6b5296fe5d03597782a985bd721e3651b010c06b9be205b5c9f97d", "1c7813fcdec02ae9bf9bb816d87f66eca49cffa1df2de22aac19d2b365e59df2", "1f5e9f1c173cc8611a5d34e801c0a26ce7365cb1c7b660bcd88816153b76d467", "2210bb4262bd6f02c2c1b836ea7372c28b35f7e31d81dcf4749fbd4fe71676fb", "22b521f4fad5c39e0d84729f3e194782f2a802c03f6e24ef013e7e33d299703f", "2311a0274a3edf0a79d422ba126d2a1e23e98b13c40762e2aac7b40686a308c2", "26fba2bd9792cbe6aa14f3baa9a2ffb57344d7348805648a53dcf92644a8b973", "3cebbd85235c819ec92210572035f2973b54740f306b8b0607e03c84eb7b0914", "3ebc758a0186db99545ab2614b2a96544ab4509bf7d24c8d11dca06b2d17adbd", "42df2ceda548dbd95ed4cf8176dfb8817e7350ea9b296adb33a3e6c3f2fb272e", "4dfb9830a14e1e92ca88b40189fb05be60a42be886c9ca1cd2f6a3f5f09e0208", "51cd6bdb18da6dc94549e067b04e727b9e947f2f189f5c27da67eb56f77c5f54", "547ee4142a9088eba58961d0bfdae6a32f501affcff9dce7e3f424f47b8fd4a1", "5d3e5a9b7730bd40f0cd4392367744bb7a3ddefd3b316d603e56369a7813ee68", "680d56d915ec028d4d0e33cd63e90f58c1f67c4e8b92d11eabf2576702d5b3bd", "687d3887779bf147f8ab6637c28f76559f3a1cbe0899cfa07d0ac33733fc74ef", "6c9f60643913ae688fc163d8e09a71268c0bd527ca5e9330c163108aafac5944", "729777e3d2a3bc3e6846bdf89f4480052c3e5877a8dbd3d93c7a7d9f38d90311", "7575b3de182b5ad8b92eabad4f5307e27280729f81ab692d20633dac2f786d8c", "7ae43402b33483d995f4c64940500a3cd508a22e4e2ae9c70ead3f9fd6396bc7", "8393f02d75dd065203874f01ad54ccaa767603b63d5a2faf77d3a55c17a6b4bc", "853d3351d23e0de67958a4669d628444c1a15d4de4de4f114f8db90689a2d715", "8560ed53158f7c2f7931ee6e95abcbf0325d117b039d96f9ebc2e7971c22a151", "85c34d5e33c6c2d08ac86962f0f436f2f7410bb52f502a02918bafef475e7062", "86a027a3488bdd5bf414a07ed8931dbc93c98ae6ef9e2926201ae77a18d8191b", "87b5210624989f6ff74bb9a07083aeab116ba3e179db099f768982ac1dbbb5b8", "943aa71f481cb0a3af7e24e2be09298ed6c98235b4d1cfb89979339c8bad8085", "9827a577b252a3417174e8177592785515f22b9bca4d435a2206e512a2ced3fd", "9aee83d453ff3ce67e771d3b417ec0e29c1104a3e6b035088b8e799557049c3c", "9bd34506cacf57f6329a6b5530684822d50d03a26e6105d217220e46297bf84c", "af3fea36a05c59c3670d5fe58a4d679c3e089ceb8be39c92663c3401ce8784eb", "b0c1928907197dd3edf23f1cad65789fe808ed5297c7a6d827ed3964a8b77033", "b97b8a4c2643b39fbf956957c510841b4c1dc1a86024ce1c12d245bdb79c6d0a", "ba977bdefc4cc290d9de8dfdc3a01851f37200c31090ec4fe6ec08d161152dab", "bf7d37d11475ec9d2bb51c09fdb4e7a5df5b2da02db2aa7fd25002a588f30384", "bfe3da42a788789e773ed932694f6b3fe4a85ed8550f10a73419d66faba53482", "c114bbeba1852423744418a9776f5b9d671425f38afbf5586a0a62f586081238", "c2470c1b4e9e97fa1820f29ca1dece3f99e154c6cd695d1e6f89e12425eb3a4f", "d997af80a0b2cea354d82735f28b04fb6f40ec6a687b4616cbc03230c7319ad3", "e78f28580ea5e79a33be5ba93c71e2c66528812db3580a3e39f3f652ecaaa858", "e79a4fc5eb679dc4155b47d777c8cb043cb184cf061c7248fe39eaf76cc00cb3", "e7dcbaaec834d3b3accd527299f71fd1056b9b88e5156d83ec6e928d13872177", "f3e187ebd0be4413d9495345935aeb63a025bb299c63b24787188a71003e5a5b", "f43ced0de6dce1c3fcf386cb7bd4e0d787d64983f0d2bb236311605402ba74a9", "fc4fa944b430fb0c175ab12d9bb776819f04d29c4a371baa243af0d7e7ab267b"], "iocs": {"domain": [{"host": "www[.]seine-et-marne[.]fr"}, {"host": "TLEXTREME[.]COM"}, {"host": "vanherreweghen[.]be"}, {"host": "www[.]tzen2[.]com"}, {"host": "www[.]addthis[.]com"}, {"host": "www[.]iledefrance[.]fr"}, {"host": "www[.]stif[.]info"}, {"host": "www[.]camenisch-software[.]ch"}, {"host": "tlextreme[.]com"}, {"host": "sh2017[.]chancemkt[.]com"}], "file": [{"path": "%LocalAppData%\\Temp\\736.exe"}, {"path": "%LocalAppData%\\Temp\\j02khkb2.lmy.ps1"}, {"path": "%LocalAppData%\\Temp\\q30h0dfn.q03.psm1"}, {"path": "%LocalAppData%\\Temp\\CVR8B7E.tmp"}], "ip": [{"ip": "52[.]31[.]99[.]185"}, {"ip": "47[.]52[.]19[.]221"}, {"ip": "91[.]209[.]78[.]110"}, {"ip": "46[.]30[.]213[.]132"}], "mutex": [{"name": null}, {"name": null}], "registry": []}}, "Doc.Malware.Valyria-6821700-0": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "These variants of Valyria are malicious Microsoft Office files that contain embedded VBA macros used to distribute other malware. ", "hashes": ["006527ed4540d3e8b684bdc110cb1f738ca696e8706b748892930994de3dedef", "11f7710f8cabe988168078cd6ba83c2544d1d06c9a8a3583fabe164e87f7048b", "23f1b03ee66fb8dd1a515afd7adeb8f85b260ef5e20a7d80ad1697865f59f794", "243a87a44e767e8d5b788c29bb0dbec9986956b40c407074f670bcc9b206d730", "2b201210a7ea524a3d65c7d2ee2e7d322479657076a1c30f8ec6994eb97f269b", "3f7f15af2c3736d94f62e8d58bad269d29198eaffc40ccdbfd166878daeef652", "400d6b89b8026f39de9c80b89aae66e49afebf153c8b5b9d480307ada0f4c428", "5bdac880fac6d0b90751b1f2f7dd97b50ddf2759926a414b940dff6fb8117833", "5fefc488c0bb534fe5de5eb5244524ab5138474609c6363f959845a35b2fa94e", "73d4c1dafc168a36218d215548bdcc87b0ecb667acaf685b044b680f4f678dca", "775b96aa12728bfc5f6f68bf11d8ff34e252107d8f63440a471495e8ecd9f1f7", "79f220cc40a6d9d27adc27374ebf0263792e86b64061a709357233b88bb847e0", "7ca6572429e9aeeedaeb810c5752f1ee4f300435eedb55efc6128a3c5cb40028", "7d1452ab28a32b82e29a27b02f3881ed4eb7e33e47c65791753b6f9f6b0da364", "7d50253b1168a61a502890fdd13e7245b5f7aa8465da25e3bed00a8fa0a3b4fd", "8f0dae9f191c55289ab80783e68c0e03e97f391cd86ae283304555f20d8f2d31", "a09a6e4a65a174787ec889f5e9d9024cdce88d46577d022a012ee4f86fb472cb", "a77b90d16bbdd99569309b37cdae642159e8761ae9f8fb0853b193c0d3db7565", "a8e856a69c9eb0074a418c67d575b91b49caea488574529a40e3b129cefde689", "b438c81b2ada4914b77fb936ca70aa4fa1cb4cb6867c2171e9d21989a4419350", "bd48756252ebf449627761f36c813dde9d57c0cdb82210e864afe4530353a362", "c0c3c539411f9d602316f053a8c68bc78461be9c7b305107c2da072ebe1384a6", "c77196231630b535ef5f0d46f78b7be22a27954daf395065b8f448829bcbbdff", "caa71fe55c039c34b917a568a5325dee1ab6bbd7e343672b23dd3a498b2c21c6", "e8f63eab9292aeb9f3b6adb62df6eb338ff28ff06faefa7fbbeae10e7e04927b", "ef631897a847832e57d7a2da4bf4f575aaa95b6c68f03dc0afc4bca516b47f2a", "f23d0315e2d1663630c0f9424284f16115615e2cd77d0bd432d5a29c51f66698", "ffc7944f16c06efdd23a4fb946eac1dd2b1a91f2d27b7cf24396a78713b17c5a"], "iocs": {"domain": [{"host": "cm2[.]com[.]br"}, {"host": "heteml[.]jp"}, {"host": "secure[.]heteml[.]jp"}, {"host": "snowdoll[.]net"}, {"host": "www[.]plano-b[.]com[.]br"}, {"host": "ecojusticepress[.]com"}, {"host": "craftww[.]pl"}, {"host": "lavoroproducoes[.]com[.]br"}], "file": [{"path": "%LocalAppData%\\Temp\\619.exe"}, {"path": "%LocalAppData%\\Temp\\rucrrluq.3nn.psm1"}, {"path": "%LocalAppData%\\Temp\\wjyt5a53.3uh.ps1"}, {"path": "%LocalAppData%\\Temp\\CVRD0AC.tmp"}], "ip": [{"ip": "191[.]6[.]194[.]81"}, {"ip": "177[.]185[.]194[.]161"}, {"ip": "157[.]7[.]188[.]229"}, {"ip": "45[.]60[.]22[.]20"}, {"ip": "54[.]164[.]54[.]199"}], "mutex": [], "registry": []}}, "Win.Malware.Ponystealer-6823878-0": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Ponystealer is known to be able to steal credentials from more than 100 different applications and may also install other malware such as a remote access tool (RAT).", "hashes": ["057500aaa50232337866b4470e930a698d96c97d446f2737bb9e69807e13fcd0", "26df92ebf43f0dda98bd34d5f72841717bbe9c524bded8d3d77bede19baedfc2", "2a5608a0d642fd23f0b49c6436886e937d4ba4a40e048bcd57338e74d7815a81", "2aee79633fda123830fe7061900dc9deb2af0c45d1ad97bebea2e853e0f6ce17", "424217fcced5f9a8a35c9de9a66e0c06b761cd2e46db6a042f325835104fcc47", "439e2e22cb2ff1879dd19c1efe2c2d8e2897d6cef866ce6fb9a33c84165253fe", "539c084c60d1d5e901aea6240f113a021c7cd7e447ac9cf35953d05666f3cc22", "634dc330090c9f2b5d7b1c670102d5c1cd3389cb676ff04cdbe87df50bfcfba7", "736b02c049a77d35435fb18fab0067544c4d6cc0cb2e0bfb9bf5152f65a8db93", "8269d87f90e2d401e0ac70d2f9e32aef62db5a70f7a0165646f44534edc9c265", "93411f9ee4535cba7e1c0e288a3188d9d1679d5b2b0bdd4e3b862d49e53510e4", "a1436dfb3efb320afadb5355b305794a330284c5515283dceaaf70dc09450c73", "c1e8d791958e9943798a6f28fa6a9563519d0d5a49d37f834af14b4074f2efec", "c920ed42aae02a1536408fd3513dc1694fed093091a5655529149c989c7d6744", "c95d501830e87c470c7d731a7be78fae90b38d4eb8aa8365d981d8397407fbac", "d59d2b4a4b6473f7a82109b6768d3ce62fde8ec8f6da786986a2545da0245e49", "ec8abd35fd1e3c8f29f4187d9ddcb7c6c3c35a838c688d8a08553d46ca091cd1"], "iocs": {"domain": [{"host": "1010[.]http01[.]com"}], "file": [{"path": "%AppData%\\remcos"}, {"path": "%AppData%\\remcos\\logs.dat"}, {"path": "%LocalAppData%\\Temp\\subfolder"}, {"path": "%LocalAppData%\\Temp\\subfolder\\adobepdf.scr"}, {"path": "%LocalAppData%\\Temp\\subfolder\\adobepdf.vbs"}], "ip": [], "mutex": [{"name": null}, {"name": null}], "registry": [{"key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Adobe"}, {"key": "\\Software\\Remcos-L409SR\\", "value_name": null}, {"key": "\\SOFTWARE\\REMCOS-L409SR", "value_name": "exepath"}, {"key": "\\SOFTWARE\\REMCOS-L409SR", "value_name": "lic"}]}}, "Win.Malware.Ursu-6822222-0": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Ursu is a generic malware that has numerous functions. It contacts a C2 server and performs code injection in the address space of legitimate processes. It is able to achieve persistence and collect confidential data. It is spread via email.", "hashes": ["06331cb6eb8673a49614b3cf67f302cf7a3b5ea18b8bb7d004884cea8f196a83", "15ce5b3be486d7fe23f3115531ed6642587e3dff9bbfb5fef43ece0ed0cdb3f4", "198afede85accadb3c147dc92ac2f04866e2e2bbeea7ec1333f73e6a8d76a04d", "20edb680512a8741667e2652de74649da18542399acdd8dbdc9bc7121f422f40", "23c8d65f46d2aeb395e25e63dcf0d417703f7a54b501fb40aebc554061384bfa", "25f41a5ebb1175763d5eeb509a9b2fe559fdfd94a0d1a4736b7b766f9ba6363b", "2c224aa21be4c3f8bce2e13c0ddb04ce5ec9cdc1480c172d5e0e4e15fdee2c44", "2e889d267181a338b3c100a69417ee0a145820ab2aea59939d8bb6ccf56f3aef", "3223a9b86a93b8869b44d7d8d2a7e98de99ddd0e1a5050dd7d708c087f18458e", "32d7daae4063be4c3cf70d4cb43f0079d53c66170edbcba8282da98d49a7dbbe", "33def1029bdf7c6675d05d5f224749026a32717392ef848bb0a35b7d6a8f29b9", "40ad8820abac31fcf2219adb68218cb93765895995cb66f50dca15908d364752", "471866dd10a5be75f2119d718325aa4026ed267bae3ad29cb08cec747b11e4ea", "49f79b464c4130f0ff3a0c2b0d3336b0f6b8f51f56164f21b5ca7315424ea39e", "536c227b86419e3a60bc53b317001b6b8cb9894215a8431542867f4fd10f98ec", "53802104e558d3689a2f99347a69302fd459ee82615428cde09c28b4f7543541", "54064cacc8929ef3581370dd311be773d6f3cc45fab81d3a37552b1e854b770d", "61cfcad8b188a5dda449b76b070092eaa48ecad62c059b4795d3bcbb1e9581e6", "66ed081ce04cc7e9b321695e153f237f0f430a1dd103e719c8a3812afe148455", "6fb3f86955fd966f04ede90e33d2b9ae749b7b44a0a5fea78dca6a66387b5b92", "747cae3430aeeecc86f846ba3bcaad9645ac6a6c0cedc5c027c2b8b3ad1d561e", "75d9e8e6bc72e53881b4b8cd9daba1c13da9761cfafa560f57410ec8078ad675", "7e08971c510b3fd9d85876a9a057ba601c38da13173bbda1abe54e05074b22b1", "8a0b4a3b97122043e1ab8225b331fc4069ba150a275bc77316abc23841feda69", "8c3de5bbdd6542a6d0c828764b1f47a37a4cad07834bec2fc9c7ac31316834f0", "8c3e1f858cc936ad7ec455ffe7dfc0682824c504430f912300bb055a30d60ee6", "9161788cd961237b0d14a7d706d2f49354e0720a5503910df3eaa6edab4da697", "9e38f70788ecfd4bf938f58856ce899221c76f60a804e97afe6131b48fd19ad6", "bd52753a89da6d8045d0b888673ca617de42688241cfb9b1eee355c39bdd7cb4", "c1a8cf0c4ee488f24dd99978013afa4d81233d8a336a43d43f706234a4029629", "cf55d792819f7b2fdde49c18fa4f3e5024f830f2455367bfa04dc2cfce82bdbe", "d6efb5b72a3121770c5f96ded0d89cea82ae772e4699bd8e6a1988464797f9f9", "dc8845302a5b54a6f0811dba8530e1dc833808e72123606d43438521263a0948", "e4a029aea0e2bf34024af9b432aafbe6cec774b582d5e5c3f67e65ba89a2ff27", "f2fbcb4d3efff0ea55df87618b0139be5c428b3cce89ccaf6154b1c9b8038994", "f8f8f257a4ecc4b915ba7f8f39c6d6743893b033dfc85678cafb52947e6c8543"], "iocs": {"domain": [{"host": "t-online[.]de"}, {"host": "sbcglobal[.]net"}, {"host": "myway[.]com"}, {"host": "searchsingleshere[.]com"}, {"host": "emig[.]freenet[.]de"}, {"host": "charter[.]net"}, {"host": "ff-ip4-mx-vip2[.]prodigy[.]net"}, {"host": "excellentrxinc[.]su"}, {"host": "freenet[.]de"}, {"host": "fastonlinevalue[.]com"}, {"host": "ev1[.]net"}, {"host": "cableone[.]net"}, {"host": "globetrotter[.]net"}, {"host": "relay[.]globetrotter[.]net"}, {"host": "bexldo[.]net"}, {"host": "e-timetoroar[.]net"}, {"host": "genericpillsinc[.]com"}, {"host": "buziaczek[.]pl"}, {"host": "rulovers[.]cn"}, {"host": "karina[.]rubeauty[.]cn"}, {"host": "kristina93[.]loversru[.]cn"}, {"host": "bestprivateinc[.]ru"}, {"host": "bestdrugassist[.]ru"}, {"host": "bestfamilyeshop[.]com"}, {"host": "hb[.]tinkerfcu[.]org"}, {"host": "curingbestvalue[.]com"}, {"host": "fastfastvalue[.]su"}, {"host": "fastpharmeshop[.]com"}, {"host": "acninc[.]net"}, {"host": "curinghotsale[.]su"}, {"host": "fastgenericsdeal[.]su"}, {"host": "goodbestdeal[.]su"}, {"host": "globalcarestore[.]su"}, {"host": "fastremedymall[.]ru"}, {"host": "ameritech[.]net"}, {"host": "classoneequipment[.]com"}, {"host": "chiclleida[.]com"}, {"host": "ferbravo[.]euskalnet[.]net"}, {"host": "scan-associates[.]net"}, {"host": "condor2[.]telapex[.]com"}, {"host": "commonhouse[.]net"}, {"host": "codasoundusa[.]com"}, {"host": "newonthenet[.]net"}, {"host": "e-wholesaler[.]net"}, {"host": "cgce[.]net"}, {"host": "chopanov[.]com"}, {"host": "westbournehouse[.]w-sussex[.]sch[.]uk"}, {"host": "spideroak[.]com"}, {"host": "cfw[.]me[.]uk"}, {"host": "banking[.]achievacu[.]com"}, {"host": "lucky-star[.]com[.]pl"}, {"host": "franjadeponent[.]net"}, {"host": "coffincheatersmc[.]org"}], "file": [{"path": "%WinDir%\\SysWOW64\\config\\systemprofile:.repos"}, {"path": "%WinDir%\\SysWOW64\\config\\systemprofile"}, {"path": "%WinDir%\\SysWOW64\\ibpvucix\\"}, {"path": "%LocalAppData%\\Temp\\gphgpbfw.exe"}], "ip": [{"ip": "216[.]239[.]34[.]21"}, {"ip": "255[.]255[.]255[.]255"}, {"ip": "239[.]255[.]255[.]250"}, {"ip": "69[.]55[.]5[.]250"}, {"ip": "68[.]178[.]213[.]37"}, {"ip": "172[.]217[.]6[.]196"}, {"ip": "66[.]218[.]85[.]52"}, {"ip": "66[.]218[.]85[.]151"}, {"ip": "212[.]82[.]101[.]46"}, {"ip": "104[.]47[.]2[.]33"}, {"ip": "74[.]6[.]141[.]40"}, {"ip": "74[.]6[.]137[.]65"}, {"ip": "98[.]136[.]102[.]54"}, {"ip": "5[.]9[.]32[.]166"}, {"ip": "46[.]4[.]52[.]109"}, {"ip": "208[.]71[.]35[.]137"}, {"ip": "98[.]137[.]159[.]25"}, {"ip": "74[.]6[.]137[.]63"}, {"ip": "176[.]111[.]49[.]43"}, {"ip": "85[.]25[.]119[.]25"}, {"ip": "144[.]76[.]199[.]2"}, {"ip": "144[.]76[.]199[.]43"}, {"ip": "98[.]137[.]159[.]26"}, {"ip": "104[.]47[.]44[.]33"}, {"ip": "172[.]217[.]197[.]27"}, {"ip": "66[.]218[.]85[.]139"}, {"ip": "67[.]195[.]228[.]141"}, {"ip": "212[.]227[.]17[.]8"}, {"ip": "98[.]137[.]157[.]43"}, {"ip": "208[.]76[.]51[.]51"}, {"ip": "144[.]160[.]235[.]144"}, {"ip": "104[.]47[.]9[.]33"}, {"ip": "98[.]137[.]159[.]27"}, {"ip": "43[.]231[.]4[.]7"}, {"ip": "194[.]25[.]134[.]72"}, {"ip": "213[.]209[.]1[.]129"}, {"ip": "188[.]125[.]73[.]87"}, {"ip": "64[.]136[.]52[.]37"}, {"ip": "193[.]201[.]76[.]57"}, {"ip": "98[.]136[.]101[.]117"}, {"ip": "67[.]195[.]229[.]59"}, {"ip": "98[.]137[.]159[.]28"}, {"ip": "74[.]208[.]5[.]20"}, {"ip": "74[.]208[.]236[.]137"}, {"ip": "104[.]47[.]10[.]33"}, {"ip": "192[.]0[.]47[.]59"}, {"ip": "216[.]146[.]35[.]35"}, {"ip": "74[.]6[.]137[.]64"}, {"ip": "208[.]76[.]50[.]50"}, {"ip": "144[.]160[.]159[.]22"}, {"ip": "82[.]165[.]229[.]15"}, {"ip": "40[.]76[.]4[.]15"}, {"ip": "67[.]195[.]229[.]58"}, {"ip": "8[.]20[.]247[.]20"}, {"ip": "89[.]39[.]105[.]12"}, {"ip": "213[.]180[.]147[.]146"}, {"ip": "68[.]114[.]188[.]69"}, {"ip": "203[.]138[.]180[.]240"}, {"ip": "195[.]46[.]39[.]40"}, {"ip": "199[.]212[.]0[.]46"}, {"ip": "157[.]240[.]18[.]174"}, {"ip": "167[.]181[.]46[.]232"}, {"ip": "109[.]69[.]8[.]51"}, {"ip": "212[.]77[.]101[.]4"}, {"ip": "209[.]85[.]203[.]26"}, {"ip": "17[.]133[.]229[.]14"}, {"ip": "17[.]133[.]229[.]13"}, {"ip": "17[.]57[.]8[.]135"}, {"ip": "17[.]57[.]8[.]138"}, {"ip": "17[.]57[.]8[.]136"}, {"ip": "17[.]178[.]97[.]79"}, {"ip": "17[.]172[.]34[.]70"}, {"ip": "216[.]40[.]42[.]4"}, {"ip": "17[.]142[.]163[.]10"}, {"ip": "195[.]4[.]92[.]217"}, {"ip": "173[.]194[.]76[.]27"}, {"ip": "117[.]46[.]9[.]103"}, {"ip": "157[.]240[.]18[.]63"}, {"ip": "142[.]169[.]1[.]45"}, {"ip": "64[.]233[.]166[.]26"}, {"ip": "87[.]240[.]190[.]68"}, {"ip": "87[.]240[.]180[.]136"}, {"ip": "172[.]217[.]192[.]26"}, {"ip": "207[.]69[.]189[.]229"}, {"ip": "104[.]47[.]53[.]36"}, {"ip": "69[.]168[.]106[.]65"}, {"ip": "104[.]44[.]194[.]232"}, {"ip": "104[.]44[.]194[.]236"}, {"ip": "168[.]95[.]5[.]113"}, {"ip": "168[.]95[.]5[.]218"}, {"ip": "207[.]46[.]8[.]199"}, {"ip": "70[.]169[.]223[.]215"}, {"ip": "168[.]95[.]6[.]60"}, {"ip": "85[.]13[.]131[.]232"}, {"ip": "208[.]80[.]206[.]91"}, {"ip": "204[.]96[.]26[.]100"}, {"ip": "94[.]229[.]138[.]130"}, {"ip": "79[.]96[.]161[.]121"}, {"ip": "66[.]175[.]131[.]136"}, {"ip": "204[.]246[.]122[.]94"}, {"ip": "74[.]126[.]144[.]79"}, {"ip": "212[.]159[.]9[.]200"}, {"ip": "52[.]206[.]51[.]15"}, {"ip": "185[.]164[.]14[.]22"}], "mutex": [], "registry": [{"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\ibpvucix", "value_name": null}, {"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IBPVUCIX", "value_name": "Type"}, {"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IBPVUCIX", "value_name": "Start"}, {"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IBPVUCIX", "value_name": "ErrorControl"}, {"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IBPVUCIX", "value_name": "DisplayName"}, {"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IBPVUCIX", "value_name": "WOW64"}, {"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IBPVUCIX", "value_name": "ObjectName"}, {"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IBPVUCIX", "value_name": "Description"}, {"key": "\\SYSTEM\\CONTROLSET001\\SERVICES\\IBPVUCIX", "value_name": "ImagePath"}]}}, "Win.Malware.Zusy-6822787-0": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Zusy is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe\". When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["066d2ec864546e803031799ceb753c0729fd3fea5fee39ea32c7663cbc49ac4c", "0acd289c882b13ee2ab19fc065e675257f1be2795c5a9335db1be072b91137cc", "131c42eed549e4ac2995b6490cf5850e8713c7cacd3a5f6e8e0663d6e66a8bdb", "17ee81bccd57621bfaf7da158b68c11da1d3fd633f632ee1505823b022b7aeaa", "1deea19fa1060fdd6c5be36b6e8fd0dab37d17f4bf8e3adc418d4a28bc2e7753", "1f794910366228e4e66c3accd298d7159de6709370060edab157dceff6366fd9", "383c76d17194d3f95579b607f472f8b7eeef27280ab71f17c13f6d02c5e9891d", "4292bb14f28f0b6c2caf51f765a2c923caf4ff23f4ded0d791859b295cd8ca6f", "47b371a3cdeb0aff41456ba7597044a01f1aaac1ede2070fe6549b1cbda78f39", "4b5def0798881f70fb99cd1d96bcaffadc552652205264a6a14b7661dd5c260f", "5189b875f1f85c6b6d6ae3cc6d2922df8d8126269c32904e66af2f93081cb0f5", "51ef4bd2753e8ca2eefcf0c106110bb5e0191270ba94852d0df9267e7545535d", "558980fb1ae5ebef3efab8dfec1659a0407b243e3ea80ce9206cdbb821e8307a", "5664f44cf690e8084108f87f63ec9485cf7197846eed744a0e6d5a9a50b727e3", "5aabbed6b1e0973a02a33e35317b8acd09902b009c2bd6d1826098c1399ca1b8", "5fbe5fa066cb326ad3449dda72d41c3f7c13e7e53994f8783c398cf50b565bbb", "5ff9243d8d9d9d91a0b808e5a48e49577673a7bc490ff2d932c95ad97861e260", "6e0e7073accb6f820d47af977f502ae090c9a485a01e2f4844fa23b630aba3b5", "7df09dd5811ae5b81ff5a7b8f24058fde4d4033774733b9c944f9333636eca4a", "7eabab9ef1146639dc2c5ff6b81745741483a62df6453386f045f5ac011e2fbd", "82b95a38e9b61a85ef38b821f1f061bf2e089f21e53b39a76b040358f0803c5f", "8a61accd073ef7868fdfed4e18833f8edcfca716afac37cec88e03130617d3ca", "8eb4332282fde7742e91f4e4652842d95e953e9921b0580a17e2f9fa70a0bcf3", "8f3b61b93e8f2a2e5c20cfd9dfefd836ab5fc1fff5e60bba7e4d291c190afb87", "92c07c6c53d2eceba6b5563c6b701b10a5d74af3e82f06e7caddeb5e74ae7f0f", "a83e4192189cde3e17bb576404452047fd8ee727dd135091cef559886fba19f6", "a8ff8039fe344173a4c431216b02a5d0b3357f87108548dcc822c68848253089", "bf2a20956650e4004f320224a6da051e08c68bce02eb1d0d2d48e16da155f58a", "c5805ac6b7a2c62f882b5406a4299b102bfdf6d38330a1afa1aec4f5a00e8720", "c6fcaac7af229108ad35918018528714477396d10da4257f5a1de37d9373e38b", "c7ac4f71b4b3d872a7d27eac638e70d52f24d7c75b8c42a6dd389672a65bd3cb", "d8aac10850d392586ae5af56a97edb6028390b4569023731e58c80e5fd25fa3f", "db7c3abd07b2b41a44e9afe63dca01a55411d5da1611966a2a64172f85a44114", "e7becdc862b103924bb6db0b717c601e817fc690bfcdc58be3624b06958f4e85", "f1a0ca0074588e88cefa283feceb061136942b54883ec8577419c211a7839322", "f4e31a44d3094b804d3ff73bc56ca64c90e2938cc90e44dad77e5f07fb44348b"], "iocs": {"domain": [], "file": [{"path": "%System32%\\config\\SYSTEM"}, {"path": "%System32%\\config\\SOFTWARE"}, {"path": "%System32%\\Tasks\\Update"}, {"path": "%LocalAppData%\\Temp\\A1DE8592.tmp"}, {"path": "%LocalAppData%\\Microsoft Help\\restewbes.exe"}], "ip": [], "mutex": [], "registry": []}}, "Win.Packed.Razy-6824365-0": {"category": "Packed", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Razy is oftentimes a generic detection name for a Windows trojan. Although more recent cases have found it attributed to ransomware that uses the .razy file extension when writing encrypted files to disk, these samples are the former case. They collect sensitive information from the infected host, format and encrypt the data, and send it to a C2 server.", "hashes": ["00958b0eb7138a5cc3901f47ce902f6216b076fa341f9f7cda1bcfc62191b42b", "0ddb4e64337d7a3b5e7980bc3d8b2e3d1a8870bac611de6b7fd4ea04e4b13834", "16981b12217330adebe7b6d4ff08649f5ca2559b18331a0d0a6b79bc6f65cdcc", "1b2c133834c1edf5a9696671bc555209abcdf17936c851942892015622f21c50", "1da3d125ce62a7317cb80f4d48764995c8f7a84a15aa3a37abef6e03b4d8d071", "30bc3bf1588a0ffa91ca8e494a5e7e40cc35c80eeb3a77c23d9fb98a251a7e98", "3a1b58d54b6580a3d81fc5fc9cddd6f7eccfcab8f9f41fff81e45200d9d9294a", "449c7ac8be0256b2ca573101eeb65cb0a5be0af883974f68574625f2f6bff7f8", "44d438154cee044e36cb2a539261b3549d9cd16bfbf4d512073bba36a21d92d8", "5033ca548036bc7fc8a988dafab88c0e7694701b12202522207d5cf3d194a31c", "5c36d36a367eb555fcf3373121ec0ba2884ef92741471a65643cbd29f2877b9c", "65a753ef5c366e3c79c989948d25504822ae31754d2af381c2c2039a2f5d52cc", "78058316dd668f0052f9c8753cfb2c85c31a86bf9cf17fb9989de7efa6f34f3e", "7ca95a22275a3f76ab51720871d3fff23b57a640c628e940230efb05cd0a32f8", "7de1ddc87cc6956e6e20231d708073b011f5d03f79acd7dbc40052a3f05d60ea", "856dd8f3138a9dc5858bcb80efa1abe8634b995b7f597eb6235002f13371c176", "88528338d3eb4452c37548280f1c36d7e13eaf63cac1c320ea72f1f99403fa57", "891088ed7a0e386a1c84b332b0aadce6f4709958aa07614c7cc83797518a95f7", "9e5a684a10fb0f567bed0cbb71488bc9bb79d7fc15500a0da48c34caee6a804f", "9ef872a783502bb47d5a461d231e26e301cc9f6e4625e7bd0ef7a01620f89b47", "a8cd581c54ecf14da45460fa8fd8e5f5e43133b78135df9e2e8ae5c36af635a3", "af7b095f795a599e83c94d41432b2755d7289159075147aae6931cc622dac30a", "bd354725cb308fe831075414d4e9f2a2dcddbd16c900484f9aa9e1bcf2bfc6cc", "c03a12f494da082c5c108fd80c1e1a2a1bd8be7cc8dcf3fae02f8bb39bb11944", "c088e5a96993d5361c5c0b138dd17d658de50a4c1007b4d6e5a971df8a8c39bb", "c168a00a4eb88a24ce934652aaa88757abd5b57912e1209891dba08ed5ea2d73", "c705363f02adc32ccc737789a03d0d7807e8d5ed72ac27683291a4bd484505a5", "cb13616dfd9a699fd6d511743cd4504dcb2ed6ba8f2bad6c1e5a898995e09e9a", "cb576e39ecda1c5f1ae7fc703a6ffa84ff2a9904eca4c7372f215cfe06eb0111", "cd85208910e0a17d5d4db6c9ec8c4bf7f812284dfa422227a26676463e987c79", "cddc6d57334517e493716fd152536185121a7f46e2f819dd5a7b36962ffb6f79", "d13f116e21211f2a560774b94376b537dcea634a3491388a8a50da7abbca57f2", "d8d169b3c880815b115993fb5d637ec8b23cec7aa8e64b302c96314d5e6eab58", "e79eae1b04c0741ce3bf1699025fa36d307e1e709d3273dd1964e20c85c5a816", "e94b05ac50b7f7a705ad1608240abfae299f1f3c676178fbfe76c1b929f075c1", "fab0ea9afed77128d103cd1c193faf746221c29dea92fe4b3e35e755990b6d12"], "iocs": {"domain": [{"host": "kwowwauubfk[.]com"}, {"host": "bqwzunofd[.]pw"}], "file": [{"path": "%AllUsersProfile%\\ph"}, {"path": "%AllUsersProfile%\\ph\\fktiipx.ftf"}, {"path": "%LocalAppData%\\Temp\\gocf.ksv"}, {"path": "%AllUsersProfile%\\b95c"}, {"path": "%AllUsersProfile%\\gvpax"}, {"path": "%LocalAppData%\\1596"}, {"path": "%AppData%\\f2s9398"}, {"path": "%AllUsersProfile%\\0n48x8"}, {"path": "%LocalAppData%\\o1me3"}, {"path": "%AppData%\\d991m59"}, {"path": "%AllUsersProfile%\\3qy3"}, {"path": "%LocalAppData%\\7a92"}, {"path": "%AppData%\\98u3"}, {"path": "%LocalAppData%\\31m53w"}, {"path": "%AppData%\\4o5w356"}], "ip": [{"ip": "66[.]220[.]23[.]114"}, {"ip": "64[.]71[.]188[.]178"}, {"ip": "184[.]105[.]76[.]250"}], "mutex": [], "registry": [{"key": "\\Software\\Microsoft\\GOCFK", "value_name": null}, {"key": "\\SOFTWARE\\MICROSOFT\\GOCFK", "value_name": "mbijg"}]}}, "Win.Ransomware.Genkryptik-6824111-0": {"category": "Ransomware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Win.Malware.Genkryptik is oftentimes a generic detection name for a Windows trojan. Some of the malicious activities that could be performed by these samples, without the user's knowledge, include collecting system information, downloading/uploading files and dropping additional samples.", "hashes": ["049f02b69493dcfa1c2740519a965f5b3cdad94319480787f608df39646d4a45", "08703057fe22c4df53c83e1406c772d24148a570efb9b636307420c56a506fea", "0f52ae41d65fb4790aa778431fa32cc037cc4d31f734b6a540bd37668deb4df5", "1102ae383bafc64ff90b952f8f96797801396ad00b12e62ece8c5bf667bd7917", "136c0293daba6aecf870d253aa9393c085b8ff1dd6d47d71ae7aebd296c715b3", "149022bc418cf2110bc02bd03d65bc5c8e62c811b94361afe48a95c5a2649e64", "300c7f5229eccb18cef38365f7567ffa0d5a2226b2a338083f069e4349ee83d9", "311da3fa5daee4b28327edd53ab5aa57f061708b2dfa8fb755fd08854e2798a6", "4d652ede13a7424582090164c5d453a08610848aa6c2b34a2cd9641f2f9e4761", "5147bffb5e30bf2e6b0c38af954aa7de64ff15964b32df334a2881b3d34a88c9", "546c3e1bb5b13f369f8aa7333d7209d736c90edb7db2f41410ce42ceb264bf30", "561c6fadb78eb3c1ab18596a61a348af4e052b0a33754b1587f7e8f07ebb864d", "5724e9dbdc024c683ea3bfc2726c951fbbaf8faf46f4c61d7f1b5d24e0df0c19", "5bdb3e691c8f07c16392e5077601bb445110cc6e0aea0d5547b4469d82e06f42", "5d5d0f07cc4358b44291c6ee3455a3bc19ccea06fa66364bacd3ad051a368758", "5dc30dc295fd5a286c6ab6ba287d4b04373c16e1de75182a6ea221394dae1137", "6178f9c685e131ec20d7981f461e9947201b8ed5edd7ff64514d4b0daac78a7b", "6447cb09817b37ddb3b107e97060e9becac9ccfca8662cd3a193eec06ba1c35e", "6d5ff7b6af5fcab6b9a12a5213426b1d2fe93c06a039d25676bb00f2b3ea1231", "74625b4620d8233adf151b7c7797384e12e22df6fb67006482bcc8437c070838", "7733201b8330bffd8a41dee35a3ef2005e8424df477a5fd08fb52651093e7700", "77b8aa573a3967891d4cd3e93ec76a1004ec8294f0c479ae8043e821d06dc78a", "7ee37ca283d2cb7ef6fa8a8e507de85875b5796d5c006ea599d55c11f5e6a7ec", "86b98581605b1b0c5286f307bfd79338c74fc5bc73ac11e1abb0cb37f97d98d5", "8bf4d086da3f18e4c537e107ebc802056d0b0dc4813eee8c884671c9a68d587b", "8ef3aa33fafc767633de91dc356e8de7b188581cd509e305277e1767fb502711", "9062036d02a59b6a2f3604d813eee56602918c177a6cb92cca8d2a6714ef021c", "92feda8b6a11ff43c51c2e52fbe339cca57c2004026d9a7ee29404d1c70dde1c", "950c355988315a1a69bfd504e7956fe57fce171477c307c8c389754afb5931ed", "a0735168aea1f49363641828a374a397d54efed4c52990ff397c086d06ecca18", "a08a0101706c8a5ee429625cc7223dbe5da48ebdcf74d204f0756ff6a944245e", "a4b0f519d729910d8a648f1c07c3205a40a48038995aac6e5860e50261b87b7d", "a7920bcf32b7f86410baee20013cf1438ca474fb478b1ce836ba3f2b9de9cdc8", "a9bdca95985809726ac089960a8692b079fbc43315f1d8c772158a18c668ea46", "b7be96d6d31879bd5321ac7c4f1ba7d2ed80ac3bed8b2c9579c036bd403c80e3", "bcf711758d9dfcce2621f14a2872a9f2fccd0f5866bc0b267d9031e8f6fde6ac", "bdecaa828c4d33fa899990df06e23e04c207c336a3c3acfd19d8286736a2d81b", "c47556b92c30cf26605a3edf39a3a4e7843d14b72b0b9f2284c535ab16d93cf3", "cca46c58bffb43801adbdb7485cce36308455bdf8100f6462e147a09fdaacbc8", "ccedaad3f8a7504343a95d9e719ff16380703d3dae0003e0673e5bf120f83e00", "cedb5000c4b6c4cffe4d85399a6ecf7b39406c6e6a5b183d8fd2cf44f0c1e6f9", "d1e23d602a23052f767ec5a022eb056066c887331295d6d725735ecd3513c931", "d373acdaf8ddffb0a8760da9f749f0c763fc5bb8e76a5e2a6a975ab4143d7dbc", "e1d5912c0980b8ba95634a3f1edf2eafd393fade98b352829d3dbe20805dd8a1", "f0cd21080464eec5d8f45f75872c369d81fbbc76592d1190feb966d8a2c4635e", "f59f808550a12257364d11889e0ae5f99a0d2eda80dd5363dc095df4ac684dac", "ff3cbb0f1bc64ac518a0c5dc4d786adaa0cc68367ad9483ba44069ef6ca3ddd8"], "iocs": {"domain": [{"host": "top[.]pubgplayzonejoco[.]waw[.]pl"}], "file": [{"path": "%AppData%\\remcos"}, {"path": "%AppData%\\remcos\\logs.dat"}, {"path": "%AppData%\\Imgburn\\imgburn.exe"}, {"path": "%LocalAppData%\\Temp\\WEALTH2019.exe"}, {"path": "%AppData%\\Imgburn"}, {"path": "%LocalAppData%\\Temp\\Mirijana9nyhedsgruppeskitte.exe"}, {"path": "%LocalAppData%\\Temp\\~DFE751F75B3A32A556.TMP"}, {"path": "%LocalAppData%\\Temp\\~DFDEB24D10F9017BE2.TMP"}, {"path": "%LocalAppData%\\Temp\\~DFE5FA503DE0D2D852.TMP"}, {"path": "%LocalAppData%\\Temp\\~DFEE43B3EEDEE2644E.TMP"}, {"path": "%LocalAppData%\\Temp\\~DFD949DB000F4368B2.TMP"}, {"path": "%LocalAppData%\\Temp\\~DFCD42A77CD5F06772.TMP"}], "ip": [{"ip": "84[.]38[.]135[.]91"}], "mutex": [{"name": null}, {"name": null}], "registry": [{"key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "internat.exe"}, {"key": "\\Software\\Remcos-69PU1K\\", "value_name": null}, {"key": "\\SOFTWARE\\REMCOS-69PU1K", "value_name": "exepath"}, {"key": "\\SOFTWARE\\REMCOS-69PU1K", "value_name": "licence"}, {"key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "SKIVESKYDNINGENunenterpris"}]}}, "Win.Worm.Vobfus-6825980-0": {"category": "Worm", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Vobfus is a worm that copies itself to external drives and attempts to gain automatic code execution via autorun.inf files. It also modifies the registry so that it will launch when the system is booted. Once installed, it attempts to download follow-on malware from its command and control (C2) servers.", "hashes": ["0037d65faac14ac7334d7945e27569d7cc3d5dc523721e6663250a12cae30970", "004cc9d4425a0e10fff6239ae475488707ebaf7f2a6e4a3dee7b34ce5695c321", "0067963d2aceffee9ef4f6e721810751dca83d21d0712abfa833a25e22ba4dbb", "0095c53a8472b4a6c607cb35a3c6a1a6b6b9bdb73411982877cd36bb337fe622", "012f637a2ecc4fcd7bb899d15bd3154da2e57990b06a2220a70275e4d71f6f1b", "014a73b4e83e353606d90832f8ed0531621a9f1b18ff8886f6ae4f0ac7fea1f9", "0168589ab988762e304160c1185d9f0cfda9fbae862d49b287151e2867434698", "0174a979de62c49713dc26bf492bfb8e938663b6678718b31b93a1ccf74a7c0a", "01833d63634a87bc656d3cb19e81a595c1ff2f9b576881d938d94276a3b19421", "01bb231426f9f04f1fcc15816758ae71cbbfaa4402ae208f2d97393f5e169eaa", "01f729500c940572e0fffc33813e6b390a11702f0023fa23e2a699f090843ca8", "01fabdf325a2cc93b441ad0f6fd5045d60f4948d1a675efab4ae6b6dd3d09e84", "033634d5e256d0c401521f689f02298c03161d93a73d6ee7516728e312346e59", "0405dd8730790632cc9af7a163bcf2edfe53dca323e2bbe51eebb1176e3d88c8", "040f4aa4129dbbc8fc35fa755d54819cd879cc1df72717c7326b3dfd2419fe68", "047a78afc2d81bf8c214cd3ec65c993f8a20d530e317e75364a6a8406b527259", "04cdd36585f184a6f00628a41e06df4e6d48e14405bdb1cfeefd32d6abece39d", "06180c973c1907270017c6c4d49f75fdedce5e0b303324b001db54321776bfc6", "06237a002970ae7de3bf9f30e3d7555366cb10f3e56a2df9a8cd19ed682f138a", "06318d4771dde1557bb1ef47bce6326768e83a5124051e296ca2463f9693bd50", "07ba24b2c6e0d1480180221ddb1854cfd5ccfef50487e13f71134669d0027e0e", "0885ba5f2be768f907c88b520c412d76734e90cd2104f36cbc14bf59c28875a3", "08876ed5bb3db929653ebd493da0bcd89d876d3ed96f0f8d897daa31719cf150", "0939e8b87435767e67f2b6850a54d6abe3b037639e8c076465a167f1f4673306", "0a9b4d6c0f1b0f87cf7e953c06d4684607e688252cd6d8b9bda28ea4bf8c871f", "0c563daf03b490389f36d22b779ae43cb540db62f1e453607fb06f90d4bf166a", "0dd0d57ed10339663922a7fea8dee158c59fe16387ec9ad7604b28f725c87c68", "0e2877f25fe56997128b6405780ac041211961c93b52ba888386989b99edb900", "0e64282358f83e8a2d4772eea2c0299bea929e2387ff7dd15d6f9057982fe286", "0e7c8efbf4edee63eaaa6b4ed67ab945079db739d27ec97da19e2c65f4aa0614", "0f6103956fab743a756df69c83699baf03e48805e0bfa08d939604c514014a5c", "10155a8282e5840878a860292fb96b84844a66b636c11d4a36e176a94330dfba", "10ec50b8611d95d67a560170dedad7cab315900df5b49922628b23e124b9f88d", "115463fe1560004bd6d485dc0dea49e35007b0a09ce689f6c731446593c8649b", "1163fd452b83f4ac5dfae684f465aacb4af6d855d530740eb7e61a64fa73018c", "12946db3a24fecb6a0b4893c1e103ea4dacdb8a21e5585523d1314650a2f9ba3", "148a00bd48a41da1d114bcacb2eb4980e99fcdd32922ec5aca2b03bb50f80bf2", "14baad295afb77b6d0ca01bfdf5243cd0a72818245f36b766f978375368ccc18", "14edda31eb4b05cfeb851e141c6649fef1268f89c77dd9a2623fec0b0fe72e46", "15b22d7bdc0079a9b55d79f7be7b849e10d1e9c6231fc56b44e9a6ae865b7eaa", "15e238202e30db279afde81ba66a0bc5928fa4d79fb6e6c7141c69ed3521bf49", "1684955b53552a49f901d4cb9029c3c98342818348f029b5f375550d92777ead", "16c74dbd618eb0ec4f744233db4b83da26d498df61dc90a303dd622bbd477a4d", "173ad1c0674304ab76efbf6a07e886e406561abb3f151812ba0dbd5f429ad316", "179306a40b7abc4503b93ede0c1c1db3681485fd7c9dd5c93693564b0bd5394f", "17d469b89b31799c38a493e0dbc5e6888480288508efd7e6f4c4ac076e3f3fc8", "18584f6ac89402268f3874bb51a8019075542af2698b5511fe721b9e5692e363", "185d23a70b46c42636247acf03c036f96097678ff347e3abfab52969b89c19bf", "18df5aac6541044d3ecfdb5530e38f1964e9fd2e67b9267da40aa599fe033f9c", "19d09ab0dc968868fe0f6bdb8b63e7bbefb744aeb528b7e3fae51dc2943c19ac", "19eae55bee3b756898cff6cbee9ca7dbc0bfa001bd7bccf1edf1b32fd29d8918", "1a49934f246ef5473afb8d74c9838a124c8380c8dcbe4439fda4c53922b07056", "1b08e063f0c6f4fd6df74e40bb4d77b7cf6081cdcffd475e4141b9d60e564c5c", "1b9a1fef8ea416edda3343efda61086c5aff9809995d9e3ae9d1e2d7c5f3d273", "1bd09e8386dca4658966d4b7d9b8840fcf2ce7c49987a600bb33d6bf91e39b6d", "1c87d0d1a06245d0efe6a15fa70f64591dae89f6d7159211e7bd39f537ab40dc", "1e9baab5d7af33a929cc55b130c56bd24a9796f919305535500d4fd3c4b3fcae", "1f7568f4d3fd3ea5aa16ca3d84b37ec4ca4e7e50e0e1707940a35a72647c2541", "1fc94d3cc9ebe60db57fc4a703a7be5886947de2dc78f5c1b98be48b27ce8b6c", "209c59eef51388f06071491d089f72f47104fe781d116f591c3201ffa8398c16", "23aac189898d46efd318ca67353f2430485bed12ecc98fa66b2c3b7b27e1c2b8", "254787261591b54be0d43746b35a5cf1f1f7a796b097560c6a8cb044ca483c48", "256cc9d146cd0ee6ffa0b9781e4fa387ae311c4687830f5432014c3c87f893fb", "2635f15d2b3091c5883792337a0ad5438e8da56563f8186dc2fbe2cf1d0437c1", "286b90c70d99dc96463c7a2686f35cc0af7f97c28225b6d93be0d58a162c0806", "297285dfc833322dd9bfbfd28f30fbfa4647cada57b9af35e70463ba7440b84c", "29c96200ac1ce3ef2d2fbe10fcfcd9b9c1c48cf497e65bc6fb4c8052a7c30c07", "2d145970a2f0b6d2d27a20628131106acd6fa2034ee846d754473cd14a822317", "2e4b88d570b2c5820ab0c4071c103c8d59b4a5bf791cb3b50179a01397dc995e", "2edd9ef33dfa58aa0ba7ecaea2407ac5a6f5ac2f8a7fb72509aa793d7f93d0c4", "2fa1a2b2c988e75a44bd430a795eacbe91598905fe1c918bd79450af83d3a1ad", "2feb3ca980d223ba11e0c544ae0d0517999c3d89845dcf7cdf61741374fdd176", "320668d872329df9f2d3bbf6f3a08f46a681f2d5e5b45c928d04a272118cd935", "3255653c9630accdf474cbe63220e63d40a092233df34dfd58c1e8f48a73e25c", "3298b3c1e75b7575153c9e193dfb0c7a182b1e1663d4d13d5a6c2273fd10f2b5", "341071f0cf17dc8aa5b39a620d321f8fed25fa408f676b796b949a671ced5b64", "3415e85a9c3159ee8000b91102f84624cf6977c92770bcf28249f40cc3eef517", "349c6b9301c03511deb881ec8e8f3c6b97e9ff28402cfdcbb078796c201c9e86", "34d71d2820019f5f44699023b93ae57b2488470a7f27886a02447724562c2c72", "352714b70568c0f181b8cdf4041d553ce6f12489861d17b92daec3fe4ab30106", "3593212d3206b90c49ba008fcbeb5fc0220a7f240515ab8b20c9d3af385579cb", "35bc3a36476534830ba230e2a28186d61225b22c2a62173b88a7f75bc2d79c38", "3653fabc6f345147208e082aef46d7257f7ef13b685df6b1d0ad5032aaf2077c", "36573c352254a8825d990a3df3743f3e650a4ee0d0a9c1540180d93f7921d203", "37780cf7a5af9bf1c17ba2914d4c422488eb4d31cca53f878748a9546855656b", "37e79c90efcda51fdd4c44b05981410b6c24284904aa55cf45e09711acb1b50a", "384cdde6e54bcac205b0dbf30b018a58748d781a7759249828bd77159df569ba", "3ad885a73206da1a2e628ff32d4b413d72ea440d92f3c2c6f5a97a748621e9f8", "3c3d37e23e494f04d68dacf177e449558153c90718058b61ff6d74e12b39f22c", "3c3ed33c25747f1cd381dcb834ba2932a43353c6a5c42763f88fe6432d26f90e", "3cc19e608994d027c04c31cb695c7f6c714df8ba744b052f31cc795b77a7fa5c", "3db3516e8be431a0395dfaee3a94cbe93ab0a105f676c27b005db6ec0b0a88b2", "3e0a71fa8142c1e6290ed9d8e2d1000024fc41bb10bc3bcda33b3d69ea393719", "3ec5eb1b8a4565e903b2780b9d04c294a78bde3b640651e1d7955b43c4790afe", "40387ea31efece0c124594ed3c75fc6269ef6f0a376d33de563d1e1b840ffb79", "40d0d66927d01f0b719356880a09e78ba7d6196a44d1525c6f16432ca035dba6", "41e7970b00924a8e17f05fd2824098dd72a0d8469960bb310b1aa7e8dc4f849e", "42441255a082dfd1b2fd7c0fb9bdfe8eeebbf98bdb11364fd53356c3a8c56b0c", "42fbd036b0daf51acf17e0787e5b2369604a83750095031bf09ac52cfd199959", "43776add7f2d1c9678e2249de0119b218777b83334093b748fec818c53ff2d15", "43d6d865713436883894d13f73db908d66a0138e43d89310a982f40851b725d6", "467a7e01dba67e590a14ec0f243704df664081b52197d32d50107a77f8ee0dc8", "4ac050f4f19c33fa42f9c301369a7b430d4b954f6d413a5a92567dae1a8ae5e7", "4b8a6ef37fede09aa02b0d2c3b305f562a8bfcf32740ba9bfc60b72f69c44e5d", "4b963ca08493269a1d9a6f5c16dd6c88cdaf273d8604ae7f9a8d6edb759085c8", "4d38d5b3498310a795b3dc98a3347d86c1b1f1e0dc3a81871e6c645af1f9858a", "4f6d81ef86f3817dcd6e2887927aacad45de6f1face18ecc73ed7d2080242922", "4fd3959c9f45a9666d91ffccdbdddf1a3dd0ac7a4214a5ec21af51512bbe2db3", "511d838f6c8915d1d3c2dd4bf157cb1977a20c61213ef5b446591d9d466fb041", "53a09fd5c1d69299bcc5bbdb3c468b36b2e75f2d2bff2cd47856cdc7f89345e7", "553436b394df1cd2eb921ad47379a6f01bdf5465bd1b69463e97421aa59453e0", "56a596ee68dbb1cb72cbfbad047774178ff325dacce479cd8c43baf14c6fa9b8", "5720051d51361f86e5dff163b0bbbe12f31f6b7ff36676d291107a69ed7f0a06", "583843d049869b68232f720cd4feeda3272d7f1892ba9e19a2791d7b2bb10a8a", "5c88e4b7b9bc2c7d3bf118b02cad531fc2fd4d42f21befffc65f9bc4b07e7ef4", "5e77b55a8730b9cb0794385fc0cb92de644842b8ef2425b1f5a1c9a13916ca18", "5ed8a19e1196ed4ab4ff1bef9c9f9d920c492f9bebb4afba24d342a9d99552d6", "5f42d3f7dd78ba38d860bb1e11b02e8922b4a328ac4fd2ba026cd10c54cdb10a", "60b3ba3741a3dcd1bc5f0d00ed03b77474e9fd8ca9fe80781816e240e2d06e66", "61567f9937343febb3a5d92e90a2d2d7aa635048a913be5ad0fe0b1ba2f2236a", "63ee3f3ab60d2281fa2a4502be76ccff9f0a0a9ee9aa68ad863d6eb98171399f", "6456ed1eef3bfe027373c1b31c879e85f3e8f6d4183b6843fa28fd471e0f1838", "64fdb04a94a61a6956e27fed5886f08f6aac548396e234412afc40a1358c1e3c", "6513d029311bceee5765e939301940a1fc43dc0365de6635a8c37b386ca0471e", "6590a68e0754f955e0a588a85e17e7a1ea3ec74fbaff99a8a152d5f29df999cb", "69e26d5c4f40fc7035faeed07bd3a0720064cbed9ca47ae19ad27b956683d3bb", "6c36b91aee041e8c9291ad73e0120c791f7780c879167dbcc3b98ad3ac51b418", "6dbf1513c8db8cd0ae31b0d22e25725a0d813ca40506417887e99a4d8c163923", "6eb30adad4e2386ba28a1bcb356a37647c1721c7820cc643d447c096364c83e1", "6f321591806d823b95b7e1c4ba9b414d622ff5430444dcacd1e970e50edfbdd0", "6f81dbb4237a8376c899a63e1d1dca80569782ecb2385187c7df2890a48f145d", "70f5ab2f1b9f2c0a99f564d79570458df9c7730547de9b58ccf3c2fbe7db1027", "72990581a37cdbaa01cd23c38988e575d11a51ddbd5c5e6c62e9f2d508a61b1e", "72ef3631e39513e0d527a2cd56f970d88321534634a6cfaff89293b33f883380", "73bb4ce1e587b8c00c45da664dcb7360bec697d57a4eb567f525cc41ec1e5de1", "73c57d7bfb86a7bc8b5297b248caf8dbc3393c7d5862941673207eb96f3dbffb", "73eeb38ebeb4b89c3d50387edaf0f3f066d038a4ce2e46729f829c76304d901e", "759ddbef2f43aadaab4fb518a2eebc37bb4ccc73287917fee28ab579f276973f", "75e796c5326be54c25701e88f8cbda74f634d72dd8629e4a48f8f493c48bd890", "76268a571e031e2e7794a1ab3a70ab24808de88eff30eb4d3aca83c73c821d2f", "76c94a635d7c87245fcbc23a89a31e6f0835b4de823657184795d5e08ad02a5d", "78aaf39ff460fc78d2534e69bd3a0576a5e3ab90bf72a96cbc4cbef4d36bfc01", "795d8dcc4b747b21adb34f3559898b30d3804893b7094a4baed78a0becea39d5", "7a713a5b72872d0833b7a76fbb7dab5343232b5c6d92fb585a7a67075f59705e", "7aefdc3d3a4622a5d2164bf5c63d05af6eecb5f3c77df678dd3130bb115041f1", "7b15fb417a1823f7a99c308af2440065ce8020d29a9601ad16ce3df9a80f3143", "7c274e8fb1232d0ebbf4841be388334de441b96b1304433e99fd01b245ec5e99", "7d342199e24b9712d47a42655b35bfdd8c8ccf55ea45052e170a7de1aa30d982", "7dc2b17a5929542904e6cd289a55dc1fec315c654f9bb8312b443e3b6a7171c7", "7e8d4aa980f58877a1aef9f0780ef6fd4325dd39a4c37348c1d79d3628ccc394", "7ea14eb0406583b79adec460024a7b98db9b789a48a48277213dde354b2bd11c", "7ea48fb60e5a7b2c8da071effa6ead6c05d678c97a435af1609f79bdf842b16a", "7ecf2dc51ca915a2ebb282cba325d6447bd2608d4237f1da06ecc6a1284cdddf", "80b676417ea5fcc1e52d0a38c9329b4984bcfaf189362b686b1f266530c43464", "829df4e54301c70b842424ee4fe502c76c25084e288cd23b5fd38683f2277f3f", "83d71a51e65ec696a807deaaaec5ad23c95ededa4d24fa6a8701eab14baac525", "8561b63bd6c89208902d38fcbd2d172472dfc89c70de8bf77cb12ea0fe5308cc", "862552319da6569bdcda1f226334c99fc95e6ade44bbd6df1df9935ca46e204d", "8649d5fc6251931eeb448c0e6d118462317d20387a07967b2a279761dd725ed1", "87a48586a1fcaf25e427a8eeaeb1df89f4040321a31666b2e09bd78b3d2cc166", "87e0b0fe56f7ea0eb3a815eff6cba4c2f4f8658177b63a741ab09f1c00bc7cd2", "88a7eb8b3628f8826c30272f296894906007a696173018192f1599b198fca931", "8a7ab5377bbb2384bf4e2350be6694ba54417a86456b2a02fb3fb2aec4f57332", "8a7c8f382c3c7e7e856189c0106f58f149f78dbfbafc4256b0b5e62c431df685", "8abd603442ee5c1f6a89ddff6c90e5dcd788cc8ea458a939678274be5058aadc", "8afe45266c9100b400eee586b951945df8a6181188f1979278adb41153ea0699", "8ca8971503c9eef28d1bcc1d48b6e60d3f2829e10e0f06c4a7ef8b1301fd0d9e", "8cb35a18ddf12fbac1fd0641f05814a43fc5cf7ddd3e68513ead0f2b6ec9ab0e", "8dd071398f0d064123923ecc4f8a91b9a58bc3e6a68a2b9faa111137259a3f87", "8e92d57742529293cf41b3e10ec6531a89db8fad57814107a4d04a8b3f406c55", "8fb444d15d00df1751491f858baada758298421afde1711302cbbb65dd6d3a77", "8ffeda3ee8f3debbe954bd0000a37bdf23826cb1973acb3c1ec6a59c94182b93", "90081568ad594df8f2b0307155553d99d59ba917233eab310c48a754882619aa", "90e188e7b87041b62ac4bd8e45af8fddc0f4b21a68108abcc387a06b10640f70", "912597010eb563b08219eb7a31accc4ad0e374cd8cf48ac556f61696eb516f85", "923c6c1398469bc6525ee6d1ec5fa5c0bf5aa0b8318f70217d03e7718b0f296e", "92bd407e2fb627be6fb493a554e3ed8eb9877a6dce25759f8f5d42dd5de731a3", "934d908c862b9061ee5e5c5c65538d8e56b5d98c6963f33e4eedc680ed1d7229", "935e60374e24fd58389b1002935c4f49a07cddfc2528c8b8546a0309dbda6a04", "9609b05637a3fd275935fca61c307425ea71c5d9a8bcc149c3e0558d1de338c5", "97e04815bdaeb16e45e8660250c80cde352fbdc3635af6ff0487f9a20324542f", "98748b1b6507d111a5358e2a910eb66a8f48bc8f63ae7d3a6f503f96f5735081", "998d3db0cf46d4470fbeb7159f08dd3957e55e0097cd83e41cb5a50a55c5a59b", "9b3414a1a2cd773a33855942aa1e728dd2abd514db228e58046b8ae6d73dcf42", "9b5315a21ccb61d810f31f75d0528d14a7b69097608890965c9a73c87bc25648", "9bf7c6694314d21ab8ed21f08e8dd198c382b0b68e53cba315dbd561d2533280", "9dcb5e6f5b9e18000a41cade72dd5c59cabb2bc54c1ddfe8f65ad8533a4e3eab", "9e9dd395d339c7b6ad35a533e31421d1b2331db907b0a90d4dcecc8bc78ba212", "9fc4133ba006c46d3ca897cc724ab5d8495e69ffcedd6a789c4797d9d02676ed", "a08ad24fdd8707bfdf511cbda88b136f62f4ebfcaa54b8bd97304b1a8ad17eda", "a102d47ea02ab4bc4b7e62525c8e000cef4b96ee600575c46cd69b518b50ee13", "a1ec221a668687572a866032953af6c5b1bfa5f6d269b8b02c95b318ba57bdb2", "a26682822b602edfa1d75b41e90a98f4bda4c5f9b44b13e37d89fcf3651aaf95", "a2d3cf74a92bb67bc595b0c3bd6d5c203bb833dd1a6e66a5979ef718ecdab012", "a2f440a2e6a454ea503e060541b77a4301407e9c5b2fab1fff9dc87cacf2ec69", "a31bff58441d81772804c0290ab9b9d6d07a32f125bfb6bc4205a533ef5a5135", "a469bad74dc352e0c7647d0e29103c02f01def61d3d9fb2ac7cd237f757456d0", "a6a3673967d590090b20ad41d0fa0910fa06377f90cdd34e1dab1b6ec2cc1f63", "a84fff9859555467973121347b353ec4e13869c2018f2f50cbe559bec2e17e75", "a86d13397d5e142f83f9038d7fce91cf929bec10062ef8759616571c516ec5c6", "a9a68f982a112d11ef34961d14b2fdbcbba8a5056749a248e5f3a054da139ba4", "aa2e3f4e94279e2a7024965815f50bf1e10deb01fd5dc8d4fedaf3e046618ccf", "aaa004168fab6c50fbba4e04fc8d8cd6fb215922c932e17616dfdb3323fc799f", "ac1dd1756588b0727b7bf999c858f9f6347266bff51936c2cb4ac38a06059555", "ad28f5211d21cecbc3d055d7c99d6bb5b660c9bb5d0a37c138d8c49f8263e8be", "ad48cdaa05dcbcc9b41aa1f431bbf4bb1603e4af17fb70b87a57163db7c96d78", "ad87d7b2849226045022a838638f4201e83befc2c953648166f8c6a1bea16a3d", "ae5f8a3daeefa1bb722063c4538c486c9fac2ba8e7734885d6d7349d11bd5b30", "af3064c4f050610b52403a2036db48ced71d6b7a6edde4a695f39078122b8e67", "af6d9f33f129eec32bb32614b48aa6500463578145b13119770b185e762ca800", "af7558e45f42909aea59186e10d45e56551f67e86fce67dcf0562f487c95ce16", "b10c243868852b9f9d673fb46d8bd7cec89cd8f4d3dca8264f6a9f253ef650bb", "b33e42af2999e6a7a5c8cfc6df0d0698e8edd32a0b62cf5fe229234d150fda1b", "b3850198a55c15dbf311310d0cfbc367bdbdda9322e0e0beb691e39374246b73", "b4315fccf540aee2a8ab66a2ff1aa32a3b59b3d8205e670e22b43aa6d05c06cd", "b4ffc1f8ff9f8886dd0919e8ffac04b9ed61ed42b4ea7e2112b1cce6e8a8e9bb", "b5d64f8ff36e3caf60ae730dc73e72a10c1107c71628050f0f9aadc7699f6153", "b6417abcd7a3dfa0135a1be7682fa699cea86e643a4dc6eddffa0516f891b6dd", "b656699c5a1b2cbe9fecb71d8109e845982c4fe976697f2fe7cf74e766ab2624", "b69459923bbe860a5e2c60fb1da852a28318e0544bc71d623b23ef36bcd13768", "b7448859084bc7e2b0754ae4f94d9fc43dfe97d9d7736854f5bac8613922e690", "b7c26f8b774e38bfc3f40a2840f2a35f4d206950cccf04a861e51e160250c68f", "b90732f8cda58b5eb429869c647ff98bc7ffa9caac934d749d19dacdd0d416b1", "bbef308977fadc00730c31d2234e35918621808b08aa6403bf69b8cb1bd57d2a", "bc025f41155a0e08470fd4fdfb253e5976df5cc1b47ae020f23dff5e789c8fd8", "bc3badbedcac7fe605768dd5e45c5e0395f4db06de8e59bae2f89d139d1c2f70", "bc5492fb45fee5dfee6ee592206f6d3135e47a73621af16e81c85631223a1f9a", "bca307700d302db0477f03828016ceebf2c81f8cdaf836c3b86c8e2137de6b29", "bceefb8a3f40778100d122e92e486da2f2449e81ace8a2e99353215ce5f1ede3", "be413b77e5e777310a95a44fd73f4a7b9ff979d4589a298464370186570a5e34", "bf840447f7ba193bd4d89d16ce22f8707e3103f952e1e1bcb12a8b2caaf8ad30", "c078f393a6a109d501b9acd556cdcdafcfb8ba7becdc75965f9713cf0e3109b1", "c09982f1e8706838603cdd2fa3af26dfcda352436b71ced719a3d01ae9eb3651", "c0ec47709874606eef6364671c37fc06c7be34a9e2106cbc95b215a012c04177", "c210cd49349fbfd80a4a5ab12d8cd673f76a6023ab2b6c780e7c10600c978cfd", "c27caf0ee07097766cc29af74b781237e6d65b40ce8ff0647d33ac6381f9952b", "c2f734f4d40279330b82cdf41707b398af5c709c370651155102e007a69e57d5", "c35174259592ad160f88e5a0c633811f6c8c35943ca1fe4508fcb85da7eb6831", "c64c9907a7ad619f24c9cc1209cb17f9925517fe301450d6ad9df0f266f33a69", "c67542217158791f783e6863ad40fac107426143fd1184c19be3c87631e921c9", "c6a5647239cd4bd17c5fd5b4993a1bc0461615ebb48ab57619f109bc6b1331f5", "c79ea8fc5bc804b9d7a19c0bb05c650e95e89fc9e5f5e95347f96e8ec057571f", "c80d75c1486d6de2ff6abd8e745f17c04d0bc0a09a449f9c4cb47317b6ed6394", "cb7f18e38d6cf7b50abc716413c25f5e4f761476c2489de4ea41273adf06fd12", "cce3921b1715548620c9668e7fcba82892c4342c1f6a15ef1aa2b9441149279c", "ccffbe36aa0c0e9f6b0550ffd6bd1f46bc47a5fd8660e6dc3932578d86d58931", "cd2ce79e6888b6745823295495eeb9de6e90085aaf0bd643ceededa30a7ca0ca", "cf8fc5de86412cf62c196cbd67e8816e3a1b55c12559da85637d0f16b5bf4e16", "d082cfa58b49a173cbb6810c5e9656b8c2fe68e27b81b8efaf709610ccd3ff10", "d36535beb24bbfb39d6cc180b5f30c73797ceadbc5b7db3c235f9faffe9c14a9", "d40bd87e53ce433ebd508859f7cdcec7edc31dc16da9a6afa6aa363945ab7960", "d410ffd24e7c20d86557e5eb29ed33034505b93abc3bee515ab55d74a01ad1b3", "d437a7773370eaf707fc3e477fbbb8e54ee8c3d045b177b937a6b0d73577b8c2", "d5be642c4ec96e146c9ccafc1fb26e0232e6fdd1a23d0a02668fd539077787b4", "d5feec325e91b306258a17ff8a954dd9a60b2c27e0d6d0b380de3a0e8c021410", "d7df6d4f1dfa063405f81b7126cdd658883965880e06053626e5b2cb673add19", "d9265507bdba00467ea21e22c2de73551d62da2d070ba661cce3b81781430759", "d9426681b981da89a714aa326aecf715b57b4bba510ddede7a4c5b7c28234743", "da60693b8642aa4c5c7f6c4d1357b90f561d34a27dd06eaf4e565f9ed05c1a35", "da644f7cdcb718436963f87782e904f8d3a33058a8834174fe89d50b3cfb9142", "da7b1401bb3cb8c658ff280fbe882a7df3cefdf704347fdf08d1c1fd9a1d6194", "da916511de5608372064a2f8946797b81697d402a583adbc406c017581c4543b", "db22c4eb14c976404eb2e3c3aee6932f7847c2ed6047b93645a22f14e9de6acf", "dc17875fdc568cfacfe6e11d0126577ae6cc58530c84270626bbc9ddb2ba2564", "dd47ba15b8b5b594a86eb6bda075d6be884fd3633c9a45b380ec09f0009cb1a5", "de965ade01f725dd7a8eda7ad53c9f1b76a388c09e3cb1b471d115850558e0b3", "dfc502a802a7a37a7555f6d24c3f5765dbb5bddcdab279c4a0d678ad7ccf29e1", "dfc6f9d88fa853ce7ca7b3c351aac9270c6ce13f170826642c1eeed1a98288ff", "e0ae828d97507c449ba608353a63a1545877ae9d87ef7464b3215b22a9f58b94", "e2a672f36243490cc3ce1ad853d512bbec851a46e2aa3198ec0687cb29a64040", "e38fb51b41b58edd26a5c7d4e7f1b00b931acbd8e117c38ba247bee120027008", "e440a1caf14bad24243d2c8806b49e61a17dcedf91b02f7132c6583ce04d282f", "e52592e1b2eae70c0f4280ad762e70fb8f28dc3d8f8e7e6830c7211d5169048a", "e784bfdcf2cf8d60db576fbe9b564c80c60963b464786992ffc0afde9948f90e", "e7c2e064b5bbb4645c97d273b144149590df842a2769175182f2260a7876180e", "e7d34821f028055050618fca1b6d485299a8b5484c3024f35eec0409f5cbbe16", "e7fb7192164c647ec44f8d49ab2214a4baf91e99d5fa6c3ad160c35384bc4793", "e8187506759c1894f5cdf7afd0b237ca4e5f8366d41d9cf10c86c0c3c1c5c69c", "e894974d823cb63122a8aa6b12e9500548091e84e34aa66427d12152dd69a130", "e8a9fe154df581e4e45ee671e1208f052f1794db02720e0965bf48595df2579b", "ec828b70e26fa1e5350bdc158f5ef23fc432963f8efe69ef8e05f2143691d24a", "ecf67531f1c8b7026838f67a07a858ea0ca319b82c74e9a3331a2d7e464cdde1", "ed885694ce05132a4c63d905575d381e732b19d524578418c33cdaf56c591ccc", "ee287f14416e2b5893609de81afce31043a334d850e8adf7a10fc0c2c596642d", "ef0a2e799658f18b722f0ffaf1d7958a4e83969d933eeb66f3dfe22e72a4138d", "f00dd03dabb9aad73c718c313c22fd9f7546c74511b628c945caff0516ea72d8", "f067d7fd3dc59b0f0b9321f51d3585fd762d4225ffe979ea0236726f06c97087", "f0d93ff596a0e2307040b56e6b2e77cf8032b86353effef268c4fba3ae9594a4", "f1ef1ee7c77804ba36584633ef905b3535e456f69b9bcc56376de7423b05902b", "f2129a54d543142479adf0f4918ca5c4b89ddbd1981a0e6ec13151fd96747e0c", "f3574a670ea9730d4640944bf14e3bf7c2b6f99a5cfaad4c843b809518b18b69", "f6c928294bf2fe1c9feb11993574a8a9278638b61ba8ac2375be537f8868539a", "f764a352b4271fd50315a755a6bde04c45efd59c8ae5795df486f2aa6aa7aa51", "f8fc469ddb7bc29c694c8ba3b8d5e6cc34aea03daa28db45e116875782cd82af", "f91b28fd5b4e16cc8eec54d17db286f25beb54c299f26a7db9e1a32dfcaea907", "f973c3fe7d3fb910a34ac58d4bb975d991db567b645dc187a9d1a154d5c83810", "f9df9715aac3fca40f676985ab95d5acf89a57fead6b4e6fa8016648c268c99d", "fb8956e94f2b72650954716cb82341e4ce2dc7e93dad79cf193ab31f39790452", "fc25e09808434ee3e829f5ce41ee93e4bd6eb29a9e9230f2fff30ec4d1c0dfb5", "fc7d18f9732bb04c296a48778ebf57725b725e45a43e26628eed9cfefb04d546"], "iocs": {"domain": [{"host": "ns1[.]boxonline2[.]net"}, {"host": "ns1[.]boxonline3[.]com"}, {"host": "ns1[.]boxonline1[.]com"}, {"host": "ns1[.]boxonline3[.]org"}, {"host": "ns1[.]boxonline2[.]com"}, {"host": "ns1[.]boxonline3[.]net"}, {"host": "ns1[.]boxonline1[.]net"}, {"host": "ns1[.]boxonline1[.]org"}, {"host": "ns1[.]boxonline2[.]org"}], "file": [{"path": "\\??\\E:\\autorun.inf"}, {"path": "\\autorun.inf"}, {"path": "\\??\\E:\\System Volume Information.exe"}, {"path": "\\??\\E:\\$RECYCLE.BIN.exe"}, {"path": "\\Secret.exe"}, {"path": "\\??\\E:\\Passwords.exe"}, {"path": "\\??\\E:\\Porn.exe"}, {"path": "\\??\\E:\\Secret.exe"}, {"path": "\\??\\E:\\Sexy.exe"}, {"path": "\\??\\E:\\x.mpeg"}, {"path": "\\Passwords.exe"}, {"path": "\\Porn.exe"}, {"path": "\\Sexy.exe"}, {"path": "%UserProfile%\\Secret.exe"}, {"path": "%UserProfile%\\Sexy.exe"}, {"path": "%UserProfile%\\c\\Passwords.exe"}, {"path": "%UserProfile%\\c\\Porn.exe"}, {"path": "%UserProfile%\\c\\Secret.exe"}, {"path": "%UserProfile%\\c\\autorun.inf"}, {"path": "%UserProfile%\\Passwords.exe"}, {"path": "%UserProfile%\\Porn.exe"}, {"path": "%UserProfile%\\Secret.exe"}, {"path": "%UserProfile%\\Sexy.exe"}, {"path": "%UserProfile%\\c\\Sexy.exe"}, {"path": "%UserProfile%\\raaitay.exe"}, {"path": "%UserProfile%\\RCX6E9B.tmp"}, {"path": "%UserProfile%\\c\\RCX7DE8.tmp"}, {"path": "%UserProfile%\\c\\RCX7E08.tmp"}, {"path": "%UserProfile%\\c\\RCX7E38.tmp"}, {"path": "%UserProfile%\\c\\RCX7E68.tmp"}, {"path": "%UserProfile%\\c\\RCX7E97.tmp"}, {"path": "%UserProfile%\\c\\RCX7ED7.tmp"}, {"path": "\\??\\E:\\raaitay.exe"}, {"path": "%UserProfile%\\RCX6D8D.tmp"}, {"path": "%UserProfile%\\RCX6DDC.tmp"}, {"path": "%UserProfile%\\RCX6E0C.tmp"}, {"path": "%UserProfile%\\RCX6E3C.tmp"}, {"path": "%UserProfile%\\RCX6E6B.tmp"}, {"path": "\\raaitay.exe"}], "ip": [], "mutex": [], "registry": [{"key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "internat.exe"}, {"key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "ShowSuperHidden"}, {"key": "\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "raaitay"}]}}, "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2019-01-25T18:21:02+00:00", "version": "1.0", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Doc.Downloader.Emotet-6826494-0", "Win.Worm.Vobfus-6825980-0", "Win.Packed.Razy-6824365-0", "Win.Ransomware.Genkryptik-6824111-0", "Win.Malware.Ponystealer-6823878-0", "Doc.Malware.Valyria-6821700-0", "Win.Malware.Zusy-6822787-0", "Win.Malware.Ursu-6822222-0"]}