{"Doc.Malware.Valyria-6855449-0": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "These variants of Valyria are malicious Microsoft Word documents that contain embedded VBA macros used to distribute other malware. ", "hashes": ["048e2a3852452f990da142fd74095f16dc2e419346567a988c69b3d8ee62014a", "0ddd6eca67f679e7767d6b834afd489009bdfed0aa0fcde6cd3293f8ffe1a0bc", "13f7dfeb4ca314f5a738c4667968551b31a3f11efa864c97cb36dc68932d636a", "168308817df0b5f51a942117a0a736ecbbb5642648b480803d0fe70c5473983d", "2e53f63e8ae62b54fa5cb3378ed0252f202c144dcab869e642b96605765c2651", "59fb51c98a77c782fed98fd718b5292ae7c980b60069a733175a39513237cdfb", "6c552b50dd293986580d928225c05220c4fdfc246a40efbe514cdd118ea19fe5", "6f59607f97d7242934de29fedd6cd1ac0efd74c99e7ca212b68c042ffb8bf9c6", "8dedf65f3f2d21cf53781e7837e779a15753bda1f0ace6cb3f23523c2bb97225", "9638653f353c805aad3d99d7f76e91733ddc7982a517ef1260f401de16d970fc", "a8ecd3c1fcc6e41d4a24c4d8c39f1d7696a83ba28d148511e92c2fd13bfddbf6", "b8bf2e3308ef42d8649aa1b2a7f05e16ba8c04d42e495bb1223f5fc6d3d7b2a0", "c1982d4406ae41e126221026a549358fe967761e868e358a1b1e9e2c6a9f0113", "c6c1e7aa4fe9ae0b12caa5143b3d9c7b541d6d94bc9341c6a349de1a973c2713", "d358c4836374c3c6869b731c42249fad48aeaef089f7959cebb989be9a78b056", "de883059dc699081ae98bd4b295be8972f4a3bf5e699265a97a422a91d8acfbb", "e33244791d5d6972de721c5dbf114f8b2921cd5fc407a1f1b7e23119c0d07504", "e496c2b0549e81380e1be0df042c849989474071d1f3b3ec7513b40fa0e7e546", "e88b14c4fe8c25557a0a8a9061cc9eda7c97bb0f89f8f4ae4f645d6c1d996d4e", "f299cb65e5c336cb1a31b5cd73948d07dd68780e7329248bfc5d080d75b43070", "fa24a0c05815300726dd268426b28397471f067cdedcdb2f3258df75af169c28", "ff7898391c17d84e6acf87e8106c8947bb0924815e90809cd645aa1fb35d0b6a"], "iocs": {"domain": [{"host": "syonenjump-fun[.]com"}, {"host": "tehranautomat[.]ir"}, {"host": "www[.]tfmakeup[.]com"}, {"host": "soportek[.]cl"}, {"host": "mebelove[.]ru"}, {"host": "tfmakeup[.]com"}, {"host": "tilda[.]cc"}], "file": [{"path": "\\ROUTER"}, {"path": "%UserProfile%\\971.exe"}, {"path": "%SystemDrive%\\~$8325604.doc"}, {"path": "%LocalAppData%\\Temp\\CVR9952.tmp"}, {"path": "\\TEMP\\~$8b14c4fe8c25557a0a8a9061cc9eda7c97bb0f89f8f4ae4f645d6c1d996d4e.doc"}], "ip": [{"ip": "112[.]78[.]117[.]186"}, {"ip": "185[.]165[.]123[.]206"}, {"ip": "203[.]143[.]82[.]157"}, {"ip": "136[.]243[.]80[.]123"}, {"ip": "201[.]148[.]107[.]187"}], "mutex": [{"name": null}, {"name": null}], "registry": [{"key": "<HKLM>\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\CA\\Certificates", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\CA\\CRLs", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\MICROSOFT\\ENTERPRISECERTIFICATES\\CA\\Certificates", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\POLICIES\\MICROSOFT\\SYSTEMCERTIFICATES\\ROOT\\Certificates", "value_name": null}]}}, "Win.Dropper.Ribaj-6855378-0": {"category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "This family is written in .NET and is highly malicious. Once executed, these samples drop files in Windows directories, modify other applications and spawn several children. These binaries also change the internet settings and the certificates of the victim's machine as observed in the Windows registry activity.", "hashes": ["06a416703a26e095bc95fec44dc4751c5791ab9e1c99018c95e9d09282e3d4b0", "0b29c1eecbeada06924782aec009d8acf4a76893bd773a269b64a45fb3100ace", "1470b0737d00fde7f9fed30d1a8b314715309fb71363e6eb06fa36a88c20061e", "18c7f1d80af84c6b22941d0a0faf3ceb1b345254917573e217342041b3eabba3", "1e33909178e6080fd417f24631710b3878814dfcaf447a71037c4a5e7461f3d4", "1f993367b585974f87a7ab1d47979c64631e586ffcfc45a4abb641249ef3c2b6", "2dc55ee6064851769cd403581967517abd947cc5895ae986e4ed0c4f88468cc6", "2ea96a2c655d5f315b8dc22929924e7760ac083b92952f7c46d8b885060bede5", "2ecaeaa9bc1fdd5f1f8ab0d9d775d6f606280f8a86f3c9944925a3ed39e5e26a", "308b3c1dc4b2d19860c4dbe0ecb3bff55e2665c0121ebecf66cd5ae10d643cdb", "4158285e5c3569543876349c0db59e5a8f341eed5e2795ce864d3943f04a0f6c", "492e76881ff64ed066405ba7550bfe1f1d38a1e464af5e07bd3cb5f44277f2f5", "50ee79ea155621b2bc0952e66aa451348ac393030ba11b521f55eefa5de85dd6", "54396b08903dccb3cea7039b505912cadbf0ef36ddf025f7c3cbf3618b3fd1ca", "5488a6601bac36620c48be50c3ee1c41831cac6f64aac8f7fbbfaeebe2e290e1", "5687568d18019b9a391437e0d2fcb2a1e36eecb0ea8cc0d143d15389d0d63fd6", "57e539645e32c6fe261abaa56e8dd56a9ca2ae147a2035a933bed10e1e97439a", "58c46b39d71971b1ce3643264918d3292607841800656cfda6f6b0b89a682a85", "5dab3d191197694361d12090ac15228ca26f5658412e7fa51f6afe8b2a28ff81", "6047bc6f35d9bda3eedd9615cdd78f873a7318a0fca92733d4ade714ee264928", "68edeb326a914ea915a293ada3dc5341923698889080a8a1be321f2229ba88ae", "6a752d266112e05196a77043058317a5a0e53151613cf067521ff93f4b904818", "788132452a60297f0b2736e4dd1ed7f10f69599eaba6ae93914b87eb858bb470", "7a9a1476d383517377cbb03e480ea1880efb51eef39e70fb5dcd29b1ab859a8c", "7c3f98328eebdafc2a245deb4eacdc79fc69f671da80168fce96a755a31b882b", "80030e9493c8e267a1624f87b5bc38309f57c2a6777ee87f25e57924d128ab1e", "8f4c696f6665e40d7a7815b064659a9adae47d6ae2e56c57b56a30e294532619", "a9c13c9cb974c0461a4135257a9a629274479c210724ff69cfcafb8d9cef73a8", "af3d33ef229098e8472fc14e23d5a46acf1d7805e42f8fed30cfdac67b1b3c25", "afdf559785e07980bccf3f8df127fbc753fcc3e255b619ae3048316c6d6329da", "b1e245edf4978504b44e207fe24a9c03d3d7fa27e3eed24c010c3cd601151ca6", "b608ddf4be9269bfae4d86c13a4c1b6d60929ac657dca023994c4aeb933337d5", "c37d4359af7f26e37ef5eb1cafd07650a0c50423dbb00ab098cf62cada1caf5c", "c3d1308127608508d6f70c542b619929ad55cde02bc20fcac741648fadcd00a4", "c6b4cb1c4ecf9780d0355b52a35f9fbf02063f8a5112cc3ddc74f635f7ebd2e3", "ccbe5cd8e1e51189fb3b52f51cee65a7664f92ad95e39c2778b62c3815d8fb4a", "d877616a4bf770f3c2af6b07ebd63ceec62a277185666931fa23383784a9b9f3", "f13127090e9a3cd8cdb7adbaadb681e6d004b935a6b0636239dd8c8fb5803fac", "f5040bfb6fcc7e802a0bf9d1172f99268c3b2c10c016cc8acf237ed576b5fdab"], "iocs": {"domain": [], "file": [{"path": "%ProgramFiles%\\Hnc\\HncUtils\\Hmedia\\AlbumMaker.exe"}, {"path": "%ProgramFiles%\\Hnc\\HncUtils\\Hmedia\\PictureStyler.exe"}, {"path": "%ProgramFiles%\\Hnc\\HncUtils\\Update\\HncCheck.exe"}, {"path": "%ProgramFiles%\\Hnc\\HncUtils\\Update\\HncUpdate.exe"}, {"path": "%SystemDrive%\\x997y.exe"}, {"path": "%LocalAppData%\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_p606h.exe_4863d852a7d73cfde1714dd63e191d3b678536_650ba745"}, {"path": "%SystemDrive%\\TEMP\\x810y.exe"}, {"path": "%LocalAppData%\\Temp\\suqv362h.cmdline"}, {"path": "%LocalAppData%\\Temp\\suqv362h.err"}, {"path": "%LocalAppData%\\Temp\\suqv362h.out"}, {"path": "%LocalAppData%\\Temp\\suqv362h.tmp"}, {"path": "%LocalAppData%\\Temp\\suqv362h.cmdline"}, {"path": "%LocalAppData%\\Temp\\suqv362h.out"}, {"path": "%SystemDrive%\\TEMP\\x915y.exe"}, {"path": "%SystemDrive%\\p155h.exe"}, {"path": "%SystemDrive%\\x458y.exe"}, {"path": "%SystemDrive%\\x578y.exe"}], "ip": [{"ip": "91[.]134[.]147[.]134"}, {"ip": "46[.]4[.]111[.]124"}, {"ip": "79[.]137[.]116[.]43"}, {"ip": "151[.]80[.]42[.]103"}], "mutex": [{"name": null}, {"name": null}, {"name": null}], "registry": [{"key": "<HKCU>\\Software\\Microsoft\\SystemCertificates\\My", "value_name": null}, {"key": "<HKCU>\\Software\\Microsoft\\SystemCertificates\\CA", "value_name": null}, {"key": "<HKCU>\\Software\\Microsoft\\SystemCertificates\\Disallowed", "value_name": null}, {"key": "<HKCU>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\Certificates", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\DISALLOWED\\CTLs", "value_name": null}, {"key": "<HKCU>\\Software\\Microsoft\\SystemCertificates\\Root", "value_name": null}, {"key": "<HKCU>\\Software\\Microsoft\\SystemCertificates\\TrustedPeople", "value_name": null}, {"key": "<HKLM>\\Software\\Microsoft\\SystemCertificates\\CA", "value_name": null}, {"key": "<HKLM>\\Software\\Microsoft\\SystemCertificates\\Disallowed", "value_name": null}, {"key": "<HKLM>\\Software\\Microsoft\\SystemCertificates\\TrustedPeople", "value_name": null}, {"key": "<HKLM>\\Software\\Microsoft\\SystemCertificates\\trust", "value_name": null}, {"key": "<HKU>\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "value_name": null}]}}, "Win.Malware.Cgok-6854725-0": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "These binaries are able to detect virtual machines and instrumented environments. They can also complicate the analysis with anti-disassembly and anti-debugging techniques. This family can install additional software and upload information to a remote server.", "hashes": ["00dab31016dd49471a3cb73d13eefcc8811ac389d26f06f383b905e6850c6abe", "013689006fd96ed4ec46592ce46e9c5a6e0af74040519991d8d550127c11e353", "0253ad922dcd84936c68d68d7524979ba468fc654344a772dbbe17c528037ec0", "02bb34fc8bf07578357ad6d771cf91a0131e7e99dbe8298b64555e38e7e9a2cc", "02d28b601b87806ed74a5bcb9fa04d6634f3b7f9949b4393aa4379649997dc88", "02dd9c6fb756466cbd12e13d0a962b64670b49d1fc596e18fdbaded971b0b667", "0372d2b10999c791b93b17c484ce4611f31fd833ca235276748d7ffe512601d5", "0492856e08c5f50c72cda713d77ade79eefd4cd89f611de92c47b4fff249db17", "04b6c948af264febc278760d73efafcb3fa814b659a7c811f8b2053e4e957966", "0509780a1a8a14666ddd7592f4a787f2b5d4bfb599b838fa4e73676fdd234e70", "05f245d3ef7f2e527949285fa93acd2d9e0ab7a6fb95e565798eb751d3358712", "06ab46bc303dd3716be11e5066687c9500b7ca4bfeefc261a3bb168000835fd6", "0732d16625b8f1b1a4b489cd123d1d8e1ce89cb61a71c8ef00bb1b37bd294f6e", "078332f7ce5dd623750c9f7b7a148e04a3f499a2abd45e9c756c63ec4906ebaa", "07cb4ed6fb479abb07137e49c090d623a3b21762496c98fb0885176d9702553a", "07dfb8670514998cda1a27e5076d9b80febc39c201d9a85652e96ca39572b8c7", "09be7b1275949afd71f1c26965bd079a61c7cefba97086fe3d423c7c669ca1df", "0aeb055d03bbc6f637944e8a82de7a36e959e3ae1ef3c9b04217ea91a9966fd7", "0b2eb1d35ee7076f18cfab589df2432afb4ad1af19590b15b09eb18e8e68abf2", "0b38bc30f470e19ff3e973f5d8b0ca196e58c7cdb49ee1ccc1769ad8422cd356", "0c45267be8dd1bee444bedce0f29f9c6f6537f9cc14f14eb3d189c6ab7df053a", "0c72e02a1a7ad5f3140c57b9e6f3650afe09692d452fff294a4658a4e33573b0", "0cd3b49efa9072f463402e1d5d887cf38a5d6ac1a26dacb508739c3b2e15c4d2", "0ce65debee6f89d18a75d99d5ee271d8cf1fe948833c657d6dc64c85666aae0f", "0d73b17699c07d1b2f04c8b3ec883138e1133ff9ff2f0b13dddfe04ae6e52e0b", "0dd2aa110777c2dd09a2f735f19d2e0f7df8951543730017d920d3a20c1bcc1e", "0e686771b7edb501eb293663f97ba6f19c2c43aff5dd8cd69420c2d7df8ad5c3", "0ef3f7d4c2f3921944cafd0914a03d0a7409432c6c7809147e88e2500501b100", "0fb829d9241f1c8af21590c850c1b175ef50d4201feaabb8f0107e3239119a7d", "0fbc30160e16b2a2508c5e7fbf129a825ec6703c857b51b0e9406185f79763dd", "100dc0804d9a4c61fe42885604ee4b10141002554cb9083438d1403cf265c43a", "1193e193cbc81ffd8cee66fe9cb24609a83c666e820597df94377cfff6cfbe09", "124483867e3c8aeea87565cddc7b3e414461c791f5c1043602819276ce9b9517", "12a78a68b9ca515f66c996078606a2cdd07eb1052281c495e3a0e291b7be6ae0", "13d622d0850244d1eb7b42fba03413a31b25279d8383e62f42a2545cff8a20cb", "141a01be769bfe9dd7c9b805bfe0ecab7b6d27f754e903c5c4d18e5959955c72", "143a70fc6b5caaad9a44bc19f28b3439fe1f36bfc0812e7c0032d23906331a0b", "144e387c730c568142b28a030342957e6c5a7362b7f79bc84948f6a118948091", "14a7afb45ed1c67e3206dc4c08085c8bed7ae4ddd6b8de8e282b6939ca60d21c", "15243354fea191d4caf7ca3e623c651841c31978c812688b2d3cddab7b2fafa5", "16baea3282361762e199d6bf5d6915a12fd2863c0c6b326fb1e22940a715b51a", "1798436809f48627c65765271a8a3b7b0362ceb6397f9da232b3ec76d5964ead", "181e793005431659bb77c7d6ed8eda08cdb706a0ba96981bdd33c271548b66a6", "1884d6e59b1662252122593dd053ea3af44245885b994533f136633963ce904e", "19ade907d55404c6c03adb2b85335af2a474836474a07ec5a4a6cfb089672c40", "1abb7e5d8c462012067baad8cd4875138c17c8ac3d568a8cd72ad190cf6cd66b", "1acba5b55d526f29b6946ffc0bfb618699313d8ac73db18c1ecf4278f6f95ec1", "1ad79719f110a1ecf847cf48aa9454d236529346a3da179e0a15d9b03865bde2", "1b83b63b100c42d44eb5883176b9609b824697665dc833eda3c59f5f591c52e9", "1ba55127d062c2390743ad9ea07bce1a8ceb77bd0a3447f6f41f8fab20e7b563", "1c31e2a6e025116d6b85c3563f090df754e67f4bd112004ab6426bdc98c44f7c", "1d7f8ae531313a16b6ad76d0360928ada74bc0084c7786e0ae979dcf096e3e99", "1da218f293b5503005e9c525f9ac73bc54a3a02b06451421eeccdf90825ddb62", "1dd1ca74e6d2cc55bc21bbf63c63438098068ffb3841537aaceb62309e36baaf", "1ee16c04ae3e9d08da629b50ad57b1878d7f10070ceb4a7b1b157273bcc4db6a", "1ee5448143c8a5cbe8831583ca2b5af19fafc099daa8f984c8d0048275c5c7b2", "1f52c3d453b0f2a1e37701cdb1d146d3ba55b059f724466e4b8c010f613c601d", "1feb62570e682a630f4e84d2921bee27dcf31e856dc2670139b917291bc85c92", "20e5ee9fc6be1c87374a833ef61ccc135c40b424e88276a8b029b64500201088", "214a79784cd96a1ae7187ce679355a2b3fadc92cf08b5f3fdaac46b35cf3cdc8", "2159ce32e491c3d9418dc5dd63ad9966c875957e4aad421bf69789b04b1c4704", "21ead9a4ca5d60ab4a73ddc6a7cc644418e30932c5639db8d3f40f8f62d3ef07", "21eaf5591a9436a8eaca1f9663e6b6bde4e97af3b5d9ff3d9d5108215a6f310d", "251f42cd3cb721aef35753016fa0e2d4c01fc7df204d909f73aeba4bac0746d6", "25273cb719a331e248246b9bfd8a31bdd09fc63c09f2e72b6af7445162156ca0", "2532f568f75d69fb4fc71c1586eb0814373ec93a56f23e0f315ca996c8c40414", "254ce2f40168eab7149f09d009ab0cbae68e54f343302bfead461476c82a11dd", "257a9f1454883e560cd2901b2b3b7db6e216e3bdbe6dbe1c4bbf7e849604001b", "25f20a78bfc194795d81a37599ee63180dcddc54358f1ec8870661910c34470d", "26be96eaffb71db6b45a653ba80eafe17a0564e4f7079c4b8889acfa4a9fd2b3", "26c78daea79b10901cdc332ada2e5eecda0af0ccbb402427e0352c35b77e1436", "28bfee0428153594e64eff24b1f26c6be128c897ebd49243d21fda9f2e0d76f0", "297acfe1e53d122dd42a76473f54c377144297577d54da19c4ee1bc983cd0c47", "2a0eab7ee0cf82f6e23b96ed224ed5f816e55c4b5f101a09d1c38ff1b622325c", "2aa14e32ea67a358e5e96a69da367f4ccf993998479c3cc35679cea31fc1d0ba", "2b3d038e43082f8d67e9f0dc94f39044aad7f7e5aab8f9adb5d36951daa6f657", "2ba50ebbf3787dbf39deedb9af0fdc7392070e175db1db22556428abcea4bc60", "2c790d9077d03f41a1fd51acb66db0583d64801ff2e57dee6252b6cb6cd3a7c0", "2d5b2e1dfeb9424ea8c06b4ba995385963a30d861b747920aa6b21fbd1ac720d", "2dbde3342d9671b1fcd017bc65beae0811dab6affa80d9973264ce1c581d2a1c", "2dd419f07445b230db8b984b309b159eba8ee270d227c9d44f7eeea5f88cb14e", "2e17fd96c6a4c679b503e665bc4816843ea0edd4cef4fda109c0c0b11b219195", "2e360e9cf2bbfd0f8b771cdde74370d026ecaa290778b8c0e67d65779fd3ae7e", "2e8283c8bb68bcf12e6bfb1a3f3f714ea7466b3d60e950c76364298eec0ac9d0", "2f5daff466033a8d6dbcd66026317ed1cb91f8adfd8725b11aec2b760203e6ed", "2fae3ea80db75096e4e7ab59d5a1e34b6dba0633a92e36727ed132dc545a4459", "2ff3bc62dec5939b1f5d68aa861e868038986a4099a2ac55e22d1a79b5da7a3c", "317103266ff84fc92c803bac48395b483837b5ca2cdd796a9237cc440dffe697", "31b9641bc805fb862b5c5b352845dcd547d9099d5c786be2aed49559d3c0cd7b", "321fb02b634481e65f565611114d119979e2a9dfd1d733124cdba9571a05a557", "3255cee0d945393f9253971ae94fb540178571565f33bdf970df06fb9706e2d8", "326e5d57b5af2b70234ae59c81aa1ca5666e6277483de21c932f70dfb21ad0a2", "32fffd018f7f4350bc4c1bf21d84c0402c84058a08f17b3392a474bc8c37c324", "34138f7f6fa46690ee29e41103a15a6cc8be67f988439708b17322eaf0ece0ce", "344f9861e1439edf339d04c660cb9ede6308d652c135a31e4f7df73c61ab1c28", "34de8abf2f2810f8496ddabf35e5305efb5bb10894a1c5bd65e186415bedafb1", "35951c43cc7ef320302871458b62a37b6fb968a7e3a9042c291d0217074147b4", "3660a7d09cabcfbaa4094fb76931f8c11eacfee9962fd91dd58946f37b618776", "36a76fcf44b3d598d51c1bfce43a6b4d281c6a6138d5aca13d40a657db8694c9", "36fe9604defa479c0370b05fadf5b260bd39a3e5276bc1e903f8c40a5d2bb7c4", "37179c0fc98b5bcff8935dacc9f9359bb80f8bb6b234a8b657ea5e531a9dfadc", "371d9950ca830751c89b767ea6b4877f96b066b0e39d34afcf45fedb98079a66", "37a27f7cb66ac866e8ecffa8eb1b1f27caee900803b1551d1be89872b564298e", "3832432ad385888087fccf28d12758a169aa182a0b52ded010c7c882e0263674", "389827290a33f8043b6c3f58496d3014537dbd8058bb22ea2116af3b64325a20", "38abeca5a2a40d21d2927fb88a5a13d50b73d9659c26a3af57cd2f7b76c77e1d", "38d7afada1bf2d0e588edb84ac08ee67edcbd50153de609bf7b1c5fb90081d2b", "3968dd1654654ca49317c698787815bdc50d45ded8f82f7c8708acd1f6786a40", "397b4f2966c337673c9ace9c709c9021b2b4249b6a0a1e7b038e8bf54855879e", "39dd0108a7b793377fecaf73c6c08ebc6292d969b4a8357d32f39ec101bad79e", "39e22bb05ca6a6c3a1f633dd2e1cc39092e44ca0e2c68412a751bc36b55c4adb", "3a1156d896d0afb49c6bf40df26ce3cf7fe058a59aa62488ec886a892c4a034d", "3ae879e816b29e3b646656beba505adcdef28807d55943d6482ec9ce69f43edf", "3b8eaf92fe13a3699f29a25aca7aee46739eac20a004f02b13f2990499a607a5", "3c360976e4492769ce79d7e54f8cba7fcb63802b88104b6282b10654a47dfc0b", "3c4f06c84531aa4cc311be6003a1413fbff08bf0aea3e91ab71b352e92f0eff4", "3c996d34807bef4b5e287b1b83c2110b90afecc8c7fdaecc18daaa67a7e87bad", "3c9fe901e1bf78e60746b900b6b29c8f3a0bd69ece296cc74168a08b836d3ad0", "3d14e65422bcd8cb18c2bff7ac886694bc6194152a9a5a699b02d1cfa84f077c", "3d30fc9db4165d75c2226b5fa028dcf423f36f31b7bc468861099b06be2c831a", "3de05f4835dd31b31be9057284f89558ce5081208a6f263969f7dd0fc1f59e13", "3f5c72b2c23be903c195330f7c9a4170d6ddb9292c881734f04d1cc29bbb87ee", "3fd2be94cf8fb4b553a510e4353fdc28e5338373c78613821e2e2bf1aa379b2b", "40a8df57974974297b9f05bf4c59c0e7296f5cd9c51f9a6d035c8af2ee5d3235", "41233e748f39d28ee36198fd5ff975d2b8a2494fa33b0217e31a3233bad38738", "41586c26e43aa05aa8162ca8be058720dc8fc819d098b08a6b5e7260ef8da053", "41f06d2e88b70445ff8de5a9aca6e93548b781b5869ac3c98a15d6d8e179c7ff", "4208a078a34ec2bbdce2986a884357d5d7268bb9dd34e714b3dd42c5773a7fa5", "4308e9ef5ad0c95eac63001fc9324e424824256e4f0c88249c60cf3035293a31", "435ff3cc9cf8a434bd9273f3854bf5275079740675cf10e86794fe26bbdcc8a1", "4508dc33bcd5d699e36a5ca9b542a2bf3f316b008138fdacd960ac3bf88deac5", "45c49a4ad2b28ae6faf54f8eb54d277dbf482e684100410e92c264e645b140fb", "45f4e1de46e114b1f93e04b899cc3c52f33a8f859b746c59b55901eae0a88cc5", "46a81b153419491ce2fa17fb94d66a1110ebbfd911da6f7d0d754720700953c3", "46a9b3d75e8c4a42ae6eee0538429d0d9f17dd993a9f3988f3f0aecd884045aa", "46ca9ddf2d2bf76132434be69a5135d3804d06225b708643f5c7ec36d5282b4e", "4710205eab5b46139e5484c62fd97c3d1c0d3641153f3bca296c379bafb09ff3", "4772805e9b784e586cbc4b5c6cd91eeca93ff98b9ab3590b8f5286a7db134c36", "484f70fd1caa7cf7166599f7bb4e69690a9ef5fcb1a973ecb78fe5f28e822dcb", "49d92ae76d990a2c52ccf845a244ecf1cb42a9446a091633f0619a4594a3f36d", "4a37e701827064935a7fccc69a1d0bcb3b1611baeddaa38fd6f64659002b6451", "4a3cb5eeafd8b4e76ad31b4c81bdeaf032707c59aa83ea7c68702668993a3f98", "4a5ea8ddcfb136a62a23fe0adc59bad8d84c1b735d65a39dd14c4e966282c48d", "4ad336d6d022f1ac35652b677002689bc70f53890c338d14857361a840e7d48e", "4ae7cba7eb129762f1fe9a815734b8ebc929c412842976d6e9880aa9205939cc", "4af1ef1ea7f6338d2e5145291a00fa53473effff41020c1f1617760f3f9c5808", "4b196cbf3cc5002bc95b117d6e0d10d53f6eac578761a43b3edc4ae887237fdf", "4b2881b4399ff51e3768181d259714a2c2493b74049b640733086eae174edf5c", "4bf145e50077c1df8e5430fe60a38625ad585297bf7eaab11c406934f2e24366", "4c4f9d385d62894070d89ddc86f1d6efbbdf532495bd5c9ccf8324f19a428fd7", "4c7f2851dd26427e34fbf74d9ef83afb6e47085f7682992b353974ba260373d5", "4c9c12868debf12f8e763efbe301c8724cde10ee9c9a8c88e1eab137b2b19c46", "4d004038009f039384c47e616973e6c6eccbccbc35bcb0317883cfd5e483a0cb", "4dcc448c1f31c95eafd5af776ce4246349816fcdd98363c0a9e07cc1c50925aa", "4e327e275843adcde655cbd2fa54b7a93a3bb45ffca45f0eaf5868766ef8a03d", "4e40c50f124e0bcc55aba36d912321ff7d1eec514a018e5ff1f52ee3bfcc4392", "4f09bc9c229e04f73a699896fdb7b9b5f5b7a6747ce2631015e6429a14a34d77", "4f531e546f2db6919c9035607634485b06e9e72ba8ae8072ec2bcfb7dddcee56", "4f7f6ab68603b75f6ecb92f8390582527b4486e702aa7d2b4df53ed16cefed2d", "4f906b6c14795294d49332fcc09051f6528db30dd3cb7d0a3258aa787d170ff0", "4f952cbde6fcef8a0c0ca7430857cd6286432ea98b8303e545cdbb1f2ef12594", "4fa4aea0f5217abbc45ba6a2142261231aeebb97452b34aad498b68e3b5ab722", "5025b57f24876d3b8bcd44add20d74419199b41e6836122224fe70f010fe2a18", "50fec1bbbb8ae54c6a88523aad73d98bee5f6ea9c1586a6dbd338ab52635c18d", "515d369d018607cd246dc6493e016d13f77223ab151430ee713b6f4d8fac822e", "51ecb6a8cfba8b459ec5c7f8976d377ded59790834e3d6cc7202510ba64f505f", "523c9ec11cf5c20176fbef24fd675638c583d38b019e77ec392aee757f0f066c", "52b816d760c7ef21a674123b161b016d34325376965dfd986fcdbf92a8dea027", "5381abad6099d36c69e3ed1fd90e964a29f6f8d093e56e9c7712ccec820b3576", "553cebf41ce7823d4811bbcc973ca6d217aadf341b3562c6b2015be3f3b06814", "557ac8e91ea0e77ad1cb700b52582552c7ce718753c95b6dc182ef63effd0915", "56435eb72d6a75e425e4ea3dd7db556ee5f107da2a8d3783f84e7db48b4886b8", "56a4c2bdfb7a5f9e25068526d5b763242ac74222b1e3940c0ebd95cb753ea2e5", "56d9b02a32f7c1a75de87fa28792fbf87d3bda09057938ebc615272f33207f0c", "5700e41cb9ed8c780988e26ed8e0d3ab84bd154555de8af5468af5fe07284a00", "577cf7eba46e59fa12e868ffa6f8af5262e2e27699bbf2ae389e178af32b2bf2", "57ac3a84b5fcf0af577e57b435f96e15b55c7c875a1952c918afdc2e47158260", "580e0355cc2048592fcba201a61f7b1488389ee7425274cef6574a2a0b02c50d", "58e816b9da3b0d726c44966d536818e4053339ae7f5665649dda1620e67ab5a8", "59232f382e62115dc6fae7e2341b7785261506b4614ed8bcf1e6bb11d4f86be2", "5a2bc98bb819378ffee74c330d3b39cfd8a78412a1ff54928d13f57e05bd44b2", "5b0fb089c20b0fbf38237c791ab331d1a324581ad322ae5385f115cf7d608d71", "5ba47118deabcea934bf8ac9d335e640a1b40a0544d56db86874f0206eb2f89f", "5bf5d7ce2208c1e5817d7cb9914a71b0408882359bdf44b5747cc5368055d5ee", "5bf88a2842d99ac71ed2aa8c8200220a65d22dd5f06792e8818042e38992c111", "5c64954c2a54ad94a821ab643aabe39d96aee6b3ea80b61585c6d2788e4cb831", "5d509306107b612cf91f257107c3053ad3c74afc1600b9f3af782423f41b0226", "5db430f6a7d2cc0cce57d240bbd377b4da9c7a197d888db7646e31739443f5a1", "5e4d369f9cf6dbe68852cf58274e9d1fa2e6cfc7c9b9d210317628802c22b793", "5e89e8cc11ad4c5e2f4c78cf47583b79312e29e9e2a68f631b734935a48335c8", "5f22b5da4435d10aa5fb6b90a88d799fa5aba607694c9989cf66937dd17973eb", "5f28d3314d58df40df40f3282ad1f08134bd0e2b79dc758d058cbacf84c6187e", "5fb5915ff366b316de256600254dbe77db1449977e59ac68d487ea244e0fa2fa", "600df84a0514410704290d6dfb69401c79af57bd9e7bcf996b6231273b968024", "60a32bc8f1500e15bc2735118af91132ceb4f485a851adafa7666c76bef198ee", "61fb31d1c92300a2dbde669aa1cb52e5155791a161224f85215a7fb742a2bf79", "62d95d7aa456386329f229fbe66cfa7f46862cdddbd07f62d86cd3fb8d8e82fb", "64d3316f23ad947522c32c59a1f7a1b9e88f4f90cfc76022610b0c6831f40cd8", "64fa873a62c2089a341ab4ed0a95933a5fd104fffa9aeb0c620ffefcf8a6df9b", "66a1922045789883b7738d386dc5e8ce46f4db003c8752400dfe135946c7f1e3", "66b1181af8d8dfe062df1235eedb3e940b3ae72726c15752c91fadca83cffdf4", "67129e1b559614745b93554f6bf720f95901058920930e178c758d78e6cdc274", "678a6121fbcd129d8fa5ae96445f6db073959c7eba14a2bba0109752a89683cd", "68a5c9352b153850f1f3f846382ac7f50947e19b99aa296481b86855e422f5fb", "6914af8088ebca74136ac520330b37626ac9f4df33774f43845c7808dff20aa7", "69bd1abbe249bf757f2eaaa9776e5ba58098c4ac07b5b82ec458b6106e15e90e", "69c834fd34efea3c07bef67074a007005b017b0e1576711fb207b17f3d538e01", "69ea20eb4d0c5dd100b4ef3cac81d9f614e32103e987bac33016e21e5de5237a", "69fb0c78da28203be4b4e76f98f97ade6247e07c0ade1f91b8d380a636e85962", "6caa15b2681a038efc3f771aada8fde79f9eebf9aeb91c093c72deff5e7d7d93", "6d542027bfb9e835fb7cbb23bd38d3f436a745d0850fe8c892c84c3e0ff4ba1e", "6e7f7e436f70c10e4fdc5d5766464e3625ea35174524bce4774a99fca02c089f", "6e99f12574134516d7e51c268995459f05a105869979028a7b1e1f0c1ada98f6", "6f248faea96bf7da00ed9136a978af12afa42624acd881b859362fd08ec786d7", "6f5f55a71041bec74e27ab775f2f38c4ee373a2cdd833b1a92ca42a795f5fff5", "6f6d638c14b7bc6c9a59f0941aa558d0b746687c28cecdaade3db2d7d4d1b49d", "6fd36a897d3fa640eb7e52ac834f52494c3c78ee17a7a9c5613c80342b024051", "6fe0dff0868edaf23787fec281d5a373d511fb9f17285ffc56eb2813c3c1c00d", "7044b4fa8d6649aeace882a1a748996499481713c43217545d5c26b097b96831", "706cf15d2cf3e3373d81243ac313b984af79fe124f7518a1b804d309ba317bb3", "715d032965a9b02017d24f75250f7c6d84e1b587e082b276a9e980f5a5b56bc1", "7164e198bf672fa195b4c468da56f427867f25e8ea4ae9fb1dcceea936542886", "717ef1b7ac49d69e3a5c851b3afcbf46329d20b0720b8df777ab1d786d7acf3f", "72d8ae81453e47c8bcdc52fc673b4be44b1f52b82df948e87c0799dd5d5cda3f", "72f2d980d058d3e61cf7a5847c6d54def3cdb6f278c76a41717671dcdb68c975", "737153b3a7b9b693e68e47c2e6921ee288a7471f071875a57c58a23ecdbd55ed", "73c26fa4203342c7adf9e10d0fe9ae420bd3fa33c063749b0a5f5962ba973893", "74d006a88f53c407b83a5e6bb78d40113f4a4a4dada3f00d04e2040f08ff94b2", "7556bc72dc8c0e216f76a27ee973cda4a8ed6c3c7e3be104a30409011960091b", "76f184774a2bff103360d719e0efb1bf4fe0dfe0911422a902838cfd407126b7", "7716bef6ea6d98eea549f3f1b3a3039a5c0d7f454c6afabad2113e5345238c49", "7725cd8a1190a226fcf2a5e624db93915828906484629cd40f4ff1591472c889", "77ded39d4d32c7852eb996cbdb6f28701b5b971b2499509e0d58e784a59a9e9a", "77eb28314b5380dfbc5981a8a77c4e0d6211060a3aff265ce5c6d840d991af4d", "78a6ec56eafbc345e0f44a9cf289298e401d42961139870235fe82107777b294", "79093a9871c247fb1c1237d62bdc2ce705fb01ab2dadeb2771d921d200edc089", "79151ea2a648ae4cf72bb62e98f3ac431b83d22e66c9f69eb983db983557bbfa", "7998e56740626001ed1ae2d4b61f724f8759cb5efb9e0f4da6c6a80c203ed63e", "7a90f5ef40062b53fed407b35f7980570876b0314dab1daf30e9905dced7f92f", "7bcd9e43cfc51aa04f9594961e80566a174b1ea6804df9bc921b24f15eafc61f", "7ca89b3baba07da029d70cae3ebd57142ce0621861e55b780a9e5f65e24bd702", "7d557ce9407db94db643034aabf30af604f06f92a782b46bfca8d2b696940068", "7daab6e6594a896e40fe4075c65c5c6cfbba36a6ac22a3eead6d7f11ef3365dd", "7db1a423886649e468d55d383c3982b070ab6b3960d36bb635d4e8de6caa76ad", "7f0c550d88d214c33e7f317c0e7a5a4177eb88f36bd5b6e998f70b7a304c3bcf", "7f8632acda9720a9a16beb6a3a836c4119d25bc5b7381e95e9e3f4cb684cb841", "7f978b7fbe1346c55aa99d8180b320b88bb52552fe858410783946de60e089ca", "80cfae53095483556afd21b8efe228f674533ff30d05406d499fece58fc0547d", "81edf624f2425d20ce47b057e16552d6ab5396fdb630bb0c727b5119330ed036", "81f64e29319b6123e23d7d2f14a3df37be1621e263c3b18d5fb47cf4aad13aaf", "8225de32da35cd1dc49da9081f887d52db698433eaa6149a23325a47dc54a844", "839877b628272bad1c077643da6602e90204e21aa96c04c68fa689892416a17b", "847eb22f053ef32bf650508b722e1dbd3b646aaab79060c7f0b11a00f1cb8a6e", "84a4a18b14f1746391d680be3d09c67e961396096917f74ab94fb9decf6ba008", "853bc298277a9256aed3ed9c17ac156bcc17255af9d8949feadd700e870edb96", "85609cab1a35c02e5d1647584135af2abcf7c4eb15e6de2714b726618af7a001", "8580bc41f105431fffa77a9a2d4c58cbbc30f426d0c2a2adf79dfe2c333d6521", "8682e886f8e4d2d764f1b8a1bf98c4e826aaf26793c26c224fa4594676e40fe5", "8709630fb8374f22ebce83cce5e16a92ef2f75b1183eb40869c36dbe2ce9136b", "879d5d5b2c4a0a771bd8482bd3c7f30b6a394366cc1f7073dbcdaaff3d67c535", "87dac78ec60422ea2defbd6b7b0707ba2c8833329cf5a1ce69479faca31395fd", "88d4c5ad4e5973dd84b717f1c5ac4a80427c9c80509c018487c3925bbce959ae", "89027ce5f87d60b52712557975d5cd88ed38d91473ee7993f5262fdf4660a9bc", "8983a7ee16f9889d7e4e6a966cf1b2a321c43c08c29b167b0e88106e7e0f5d88", "8a09ee8b01122c49c1bb23d3d225b80fcbe1ebb716ed18539e619fa4edd09ffb", "8a1cf0f4f3e827d60ed72629e603dfe7c67e6382fdf02cf87d7a779fcfd316bd", "8a3f68b340bab098bc870adcd00abc282c24f3b173d301eb4071e1b655c1a71b", "8c0875bdbc39ddac1a1b1af9dba4b4f5d53cdfdc40780b7d69552329b61599f1", "8c74135cf0d838758385418d397fe6835e13190f6c421e400ed973c62022ef71", "8c7d66d5de4a484c205b29cd5e66fffab6045d0321cd094579440975021f38be", "8ce55400d40b20225f42f5f1301fd861e6f2faadbcf15f93a2c9be708d4d0819", "8da578f5c22093c6a7af2e62408dd8a6c606715ab2a0a830cdbd2cde507a2438", "8efad1f20342ccdfdeb7b7468b7f6bbeaa3bfc0b2849782864793c66b464703c", "8f57143d3e223f5480bf48e0fdc0bc17cda881b91f64f411650542cfd3fd2b89", "8fc773d5f0211cf1d2f8a780c594895aacb196411568b160c0c0fc1808be8b87", "8fc8142241022bb89c2d6b1501f1079518cbd7fc763784590046921014744791", "900bb8920ace95b3b9ca4b75cdfb332e9d9937b74b8bef8dffff445b8b223939", "917b28a1136b07ca6460c04ca00bbf3e186e266a8d9b0c1ca949042980297411", "9239094586bebfed56416542236c63f4dec30c025bffc0f9a5093ab19462dca9", "924c8448b782d8f9bb711267d490519f9d0e729d3e617c542c7374d4c96f623c", "926d24388de0f2621cc92bf92271becde534f81f0154a250c0a4a05b976fb5e2", "92a0e90f5f3b5d5ee80b930abc40180e2e44992d5f8fc880387451e43f3add5e", "92bf60f2e38e79d678e2ad92ee4e953d60ebf93b45bbbaf7ed1784035276110b", "933daae0fe34a88c9e42b30f952ee52095c1a13519c0150be9274b124e0719cc", "9394e7a03151af65ccbe70d5e6e542af1b491715b051a1448a3d20f9dc071583", "93ffb322e2b00292f39f115db2065bdd52c7b7f23f02e471ff55cf12338fce27", "9411374e634b45ff197defda23b9442a4318b97870619dbda330990916a010c0", "942076a4043b06bcd699a7d4311c926e4c39337f78119696bfc9946d728c44d6", "954ebe03e3dfd89f9d31f0968feb8bca652e7cc05aebde5932644093070dac7e", "959e5d6035f3d1ff05978c1e67da93215d618367e418cf08dec375d092c51c09", "96285bf59527f5ae8efbbda98ba947c27a3a6c618a283ff754d8276d23996f9c", "96bc031df565ed475fd126ed52eb69b98fa3c0d3f8065cb401d6648f4af5af69", "9734299055c765cd2b74e10a487babddc6408bca76b596e627d9936de748627c", "9743589ebe96d21e4cf247476f52c44b0deed12ae27169d26d222fe94b4a2417", "978e2e4904c5079b5396f1d4dd2e63a54a41921d5979a9c386a56fb79102a389", "979d43892ade18f543e74e1c5905e0eb5836902001f71b792e52a589ae9aa01d", "980d718614b8dd249518766945a8785566650b7ba36bd82177fd30073d74a50c", "98605e79871b3b39a0294150f9f1be86a047796b491564c4c36f23c2e9e00519", "986690c60ca73fd8359d8ac32c984f70f74c2618dbc5d056f5254f214763a899", "98e773b22045cf4e9aa565d55eeb835d5c5f9e8aab1cc23f5e4df611bf7ceea2", "9949f33b73a3f30bd0ec4b830a70c67184c704cc8733c7b1ab6d1768ef99ee6f", "99dbed74980856a7ca0909f25f10141d9662ed2b82ad4febe6f8614964467726", "99dc3988ffcbd725a7290a00b37c5def44269dca41b5fc1cfecb95f3dda9684f", "9a05ba3d70508ead9abbb6a1dab42025850e80061537c801de1e715015042b22", "9ac591e694a7525535ae3a5d52a7c8593e6b18f5d90333e4a4d08a243c1dbc01", "9b03116e49f9c0b69af3819b8c4f5b728a02b9a8306a3c03df170899eedfd679", "9b9f9427d32d295c0681bd7814b17a0315fcf99aa0da75f837df0dfae8b5a6c7", "9c5cf176eae4d443d3d1d3558e4f8aed2235448cddf2643fa0ca09c6a884f44f", "9cf328a11ce716fec9d8e71a08ebd6e47f2f49bcf00f86bfa144cf9730b287c6", "9d0865ce76401a038e052521c13fadacfb136e186a20a841024a7ef5598ec3aa", "9e702ec3aaedafb21a567f64e9802d2ba50940f88e9561c130f2cc85bafe84bd", "9e9d26e9133222ede5dd3b62c985824d659cd2db7328c61d24a0c3aa640076f9", "9f4a641b78690b5ddbefde3289b6d9c3e9485ae221a2cf88378ee66c2846a941", "9fddb37dc497532b7e3817213282c1439e00516dd37e4e30f57af80af911e483", "a05c8a704a4d8e3cdb77199e474dc7d3dc23e469e5b77c6226f2888b6cafbfb6", "a06874fbf433c67a9624cf2c8a6ab66a20c19697adbbc6e9dfa8179f3c15dc97", "a0792ab2f6328cc3e8dc5d123b9679cb798d0a662206580392a5acaa9c7e2d94", "a0aacebf3991c1fa11c3697c46dbc402eec991ca8f17aed18ec467445b988ae2", "a1703756c47712b13d17e32f30b30801c7cae2ac05925baba94718c5ab8de24a", "a1c8d4ab7ecd71f1155e7c089eeb41ea8ae6eed65fb1417701bde54762d32a43", "a1d1c3d8303bab2e436cc6f9027211cd227f391116ebd00c86e8e830e01532bf", "a269f023758ca05a5d5357e2dcf5987fae6d116993d5c62657b1bf6984ecbb07", "a285bac54fdb23a0a7a2f6c664404233674daf2db042e0862e00d3550658a58f", "a2c3206063c93e4a687ac7dcc7f5ba94e99334e7d0f063a4e0b64309e3cbd44d", "a2f6627dc380adabd32a6bc4267be0c413b6bcd09aa4a45dd1e71b160d559c4c", "a2fc72b0773ee67be754cbe639c6c88f0bcdb36fdd61239ed425602842541641", "a41437439a13ef01e39733557856663ef187317b74613e9489cddcde3bea0c5c", "a45cc21e0af4460cbb823af22a38f7cb8f229702879309c977bfb40751d06dc9", "a4834f053fca0bb17f8e3572bbbf8ec169ef86d075187f905bd0bdc9a1e26dc4", "a4e42105b1150cf2124eb88d2fe41ef55745e04afbaab64978fd6993d96da72a", "a4f9df1dad2270be542d6ff3ebf1cc83729f210c9e2efab3ee01c9647d0a5586", "a53ce35a1c5c0e386febf1118c49ba902fcbca8a5d375fcaf591ab447bbbd938", "a687b8971f43a8a007dbd2ee7dd03ed397e7ac7a097e0286b5cea24ec6d90e31", "a70bd50cdbe7a847bea46ccffc7d86f0da194fda7416e52bfd2a43f22f90528d", "a77a21212951869624b2cc9a275e77ff4faae761ab25671fa1ea5770a274906a", "a7d0a74add67a1375ee601aca90dbda6753da4c6ffd73ba1273ff73a34676e59", "a85312cb8ae145733817c904469acb5298f0b449b1f5bc963c988303cbb9bb23", "a85caa3f4326fe2f77ff94088b0502711468cd4774cb2f2dc655b791908eea44", "a87a6c163972b2465b51fed0cc80415c82b8d9576b2b852d5e3015fa80e95c91", "a92172f2543bead07a18f3c2e05d2d1a7ae045c54372e85e130533eff9f85e40", "a94ee7e5ec9f6f4b00fb4696db2928fbafc1ecd83f7ae15d3796fe515525d87e", "a9fdf3005fb9d2b66b86ce9d915939d57c0b9679daafa7e9c81debbc4ca9e293", "aa1cdfd9465f8a87f8b6cc88e2cb2fd59c1eb7ec1caa0fa66d379fe885095b45", "aa53d097f42ed93f4807533e2c8acf787720208275fe5d2f9f7c512f949e365d", "aa8312d64b165607cf3168145e11eeebaede0969a557dbddbb69b2c74d2c8c85", "ab3bb23a8a837aba88a627e9d0d25a5282265af216957f2ad7555a9a3df27259", "abcad89ec92d2e7e8fc0e345ef92f6cdb6a50707bd597524d5e4b38de542a095", "ac0fae8ac96cde2b898e3366af675260f8134a2e54a5d7662dddf6ff12ea9234", "aca581c5149773a1dfb5de1c951b14c2e5e18f269e1b976638106293d388f2bc", "acc590de17af8c483aabf301a65541c2f8e92461e0ffb1a9fd6e905b3b86ca23", "ad84cd0955d25b2a484b9dc6b69949b5d3fabe230a25e136cb47f274cc2e6595", "add5b98b8b2ca3367791bb24cc6109d9a774ab2a8892cff8959f2a56c322bf12", "ae3f05ec07c3fa8aaa66984d476b22c735fa986f8648594736ca639286b5a413", "af41fd96c63d20beddbfd0613a632b45207adb9e8af3304573dae6bbb9c30e41", "af82cd6d6323ac8abd476774809c470f0ac44167c2db6a0a3a1666135ad654e7", "b21b6fb6c15da4b22227397414a53333814fbcd6f97b7c923c591fe32a74e63a", "b223d44e2dce50afc8e433bda80c59dcff05ef31887effb038e8d62233ece438", "b22b6442245e307c9072e0ddf9ad76ef1eca1c1918e96b3d957197b3363fb142", "b27d8125c37326dd17f9ed1a41740b85491ce2227b7c37f50a243bd3a900a209", "b31468bb34ce3aeb98c5b5ef7a3f414096d323087ea6a3d1021cc3cbdf61065f", "b4483d55393387968cddac7ae230793593eff5e894d7a682d67b488a70f79176", "b5936cad315a96fb5e48f911ff87db24e15ceb9b9eeaa9e1a56b55b7bee68aa7", "b6afec034bf3284d841a8f2e4ed180ba38fa9348b26553fa206cae0ea03004a2", "b7b43ecbf15d9f00b4cbe07c1d1a58b45e8b4c85f9794afcb69c2b2e6457ed23", "b889b3d77c1de0d21cac5672fe3994eb3583d3ce64fb2c3258e561580de512b0", "b8a181607fa1511a5e8c6464635188a25bbae3f9513edcc8fa3052ac9add26f2", "b8ae25b776fe02ee0a12e950b66c9ff7fd8b165f5b35914e1aab1bef3c778367", "b8c8664268ddc915549ba25bf8ac69e97d0ebd14765b21ad23c056061904452e", "bab9b528b22ab560eb1e7ba14a8df8753216aa6a6f39b5ab88cab44de030c048", "bbf28e642100f4f1b3e60991c23b24b4d06dffc7767b606c7d4538ddc079763b", "bc5c93166374eb320d14c92eb8acbf1bf13412415b3123bbb2b554439bd77ac8", "bdad95386bbb69d04a90ee0f0cca398521641f30a273b44d04f3b576279d319f", "be415c8279e5cb791df6eadfc3be0766272453c0a201f23dc622b1ed617bdd40", "bed19b7c5b8ec0a79c878d953e13c9e5f54c93fc2bf43f4515e3a546d49c1203", "bf3bcaa5902a6622004d45264b7bfca78c8358dea22a8a8fa66eeaab16a5e602", "bf6c41129df32997f822ac0a2bfcdb8520c11ec67063e24f287b62d79708c85f", "bfa36bf44aa74f3c99d5f3d9a0751d173fcbf73bd6efc9b68d880d425d845f25", "c0647ecd0be205595e6807eb96335610caef7295f6d6e1e412d111e7f648e1c5", "c076e4fda5bb8c7938f7fae359ece6a637a71ddb5d5c2ab13e07d41f78c6cde0", "c0fbe717e56058042ea19613474079698e3c960205e4145366a353e6e6a70ddf", "c0fc6152cbb4e0439648b0a28aec8df818b7749d4b898ea1e1d44a94bf21a966", "c16e6c13e6016af5c5adc82e848587e63a1226d9e00a5bd6cc5767410427c90c", "c2c8e0aa21140094d5fc95fa41dad7b92dd5cd0c4dfc5d6b48a663a71a49e42c", "c2e9b78b121baa8b78121f7cbcf576263bb38d1d411226ffe7d417d7aff94a61", "c30cb8b0fc372472fa2bfa2ea01ef4fe582f648effbec038b24cd9fba918a9fe", "c4b1e84a64505d82681bd5ad071d0222a2a4f8eb22486e6ed09ce9adb86f377a", "c6a693670549e921abb8d047a0a4acc039fa049839888df327723910c94a6421", "c6f125c92c933f826bdbba1c366f56e4158e976d4d003552cee403d414995cea", "c772d8cf87b1d0230f7cc2fb749f75eee40df08b9ce81295e77424867b3d5350", "c7907db7087416806907e0dbcbd7c636e8d7f60e4634670f493f1b0c795d1aad", "c84cbebbdd31e9529943fe477a83b378b189d49cdaf8be8b9b164475175e9568", "c93e6460c861a32cde646929262babb21f4c2ebddbc2411a34d2e80773d160a2", "c9e4a731db86fe86a73973e48b3293aba2af288e1ea32bb1aec940f02edc2278", "ca0afd0f5854af908d4effe417784ab49afa72e3bcaa1c7dcef37dc7bab49329", "caecaf40ca32e3a7a0b7512be87bfb22bf3ae3cf1ca45f9e684fa5cec7f5311b", "cb8fd7f89bd8c06b022cd7a3fdec885fa855a6ac646d079542edf3fbc9bb55e3", "cc0c446610d2115b7b15e3aff68375858cd15215d4d7cf28acbcc30ca1ae59b5", "cca6edaaf14aa01f7db260bf62fa8d8dc0288008233e44a2018cc4b3cc90f6c9", "cccc2378fd057eaf88ef24c73b489eaec11357e82f36aac1e9ff9695075338e7", "cd1ed1f93f4c7c897699636be0d6de042e55e1f9434cd397b7b5465c1085dfc6", "cdbd15d2165b058c2239d5c9bdcbb61e2c4c6ac453eaa0ffe04304e3fb4debff", "cfb71ca53b52625eaf24c8563d1efbf7b07a94bf7091752cffc5d15bb4d9b5ba", "d21bd60b4be973e17895ba8ccddee687b163e968a94d2ef639c5defb0be7751c", "d2c578ec922ac19b5db453ef76f3d1fdbeec1036937b210999c3052b9b410527", "d37a1dc457e84adcd62e3302be120640ea8ce4dae719ac0a18d4025977f4596a", "d43817ff9e11360a2ec1f4c066767f2beebce7df3cf3500cb6826d5582bddfa2", "d4d954ea4d95326674c85d508b8efdccc91c695380b5d2b1a9abebb4d1b85d2d", "d6613fa95317f6565f7b5d14cd36b11ca1e7cf382b589724d666928c4cc22a9f", "d66f396bb65d7080e993caaef0f98bb3449e6461d0f992b1a344f32bd3dcb54f", "d699a11fef63d9873cf1dedf848314958ccaa1af2ebb5b636c34bf4b940dcf6d", "d6d6ccda51608fcb0ac9fd11b657d4831beeab5c686dad2750d94ca67bbc5a10", "d705ed068e72ee9ae1fc0497ed03fb96f50b3ae101e6af7229ffeaccb741c3a2", "d74d7ebdcfdedb958d4161acdbd72d758fa8ef5edf2f9c4fda3898e03d8aa6fe", "d76998c671a01231806871b09eaeaa7e998ac66ef534d077ee740b78eeae41f8", "d81443ba9580579366a95ca759a784f59a15d8dbe1d5f4a003f5656f872f6aae", "d8ac56fd46e2a3151215a2984a5b1270ef6cea7517cd48fd472972abcd5e9cbd", "d9dcb3fc32a82594889290da38ace152642bec6b2a3c3e6ee3b47a964017f396", "da5d71174bdf6120499847eb10c52ee0f202e5d1bd267a8ed98b1b13fbc90897", "dabeaebd9b3bfea03e3d85b95592663cdbf22ff03412d3bdd8e01f3049b6bc1d", "db0192557a35a50f81a00e8e064969f56cf2cbac62d27cff6d6f713d274007cd", "db2ffc4d3305ac0f3ee7d1579dc34b4770dd22856dfc4300795d933a5ce37073", "dca43d896c7d9c4aa9eec6e84156c81b053988c7975807f8bc03644600c7a871", "dd0267e4fc3b4e95b1b71c21c123870176c7157dd91e1c0639d1dd9954ed47c7", "dd1bf9f8a9ea2ede5bf5e7b0c5c1ab83a39bb4ccd7863e0a57c86f278eb40ea8", "dd8d3cac99ff8e8324628d4f302b641485c5f94e3bcee93170f69e4522cbaaea", "ddd7ccd39303e91b9f0f9a2af2757a00411ad0ee039ab700adcec5df046f5cdd", "ddf041bae26201a65d6a5d6c83040a2c55bb79e019e17f146871755c903fe4f9", "de089ace381ee58fb3f12d9c5b03f12f5ba6eddbad7320fa6e6bd4ca953774f6", "de3713b0db23dccac2a98ee24a8763bacbafce728446f27cb7fe80165f53aab7", "de828464e303d02e3ae50a8f8d9147abe03719fcc9abafe9c0df1faa60c619c0", "dec2c1b75547edb4b32fac9aa156074f05adffab281c1e14f470fde3b093a55a", "df013b8fc99fd900790cb68f8829aed6c63a789ff1b99d3849dac52b6e132971", "df1008b5e0ad2bf9fdf9de809544ddc70ecb0009c12a0690f0729296dfa14e3e", "dfe3ce587f7c76c126b4993dcd1c7eb03efd7ddf02a45e5d2be952839f4a7e5c", "e01b97fe3418d7f4b106f2ca9e7b40460b302e3f5bad0f9e1f964852d4bb3cff", "e06e67295686a1e5f9a137288ae6737fca26dde53fb3719dfdb07bb484eae047", "e0804bea8f3a91224ecf3403a88e5a0209381aef7b3374b63ffd87211a8c89a6", "e25439b21fafbcca5d202fb40ec3cba40f59e2a3de639f434380b5fc21996145", "e2ea0e3aa241b6b81b1a55694c57afadc6b0a1a314aedeb516fe5abdf8c32b8f", "e2f2c60721d305b55b778a77a322d31bad97b138f6f712ce3689b118f6136152", "e310db98d8cff5233986e8aad92d28671077026c6bbe851efd04bbef3c188de4", "e3cb1209bd34c597767dc3cbccde309c14da991f4e380a533d9a3760d3966936", "e50d850832a7960d996abc18cf24e8b73049f957ed7f6e967f99299928738692", "e563677e3c040c1f8f666972d55d9fbd4d21f0e4964636c541330d68831fdfc0", "e5934a3a7bbf164f25ebbef6d5504d8eece5006753dc2a66d0c29387dfabb0f6", "e5a4a930db9db28dc77ca9681027d90090d9a97bfb685dbd17c7fbcf76622670", "e63a166d2c8aeb8924daae178b2fbf6327dd96891503b7bd1fd52bc5ca2a5812", "e66c9887a23733c8540c1ddd79e4a6898926952b316ae274202f961e930beefe", "e7d1ef9f28bdd29df5b3b67a809cee65efe43638e0ee8954e759ce443778ef2b", "e7eaca8f74b211349026f2697aa502cc500de4f6789094329b3cb8326f662964", "e93568b11cca61e2ca780caae4ad9a55d69e7ee93d9895567233865108d882db", "e93dae7fbbb78bd4963c36091d01564a3bfb0b4e5036a8e4559c5f0aefa9ba5e", "e9a6dc63147821b60a8c6f6e213c5af92ca6b43a3f49874b7d80021bad67eea7", "e9c4c05553f2970f8372c285a8409d1e572e827ccc252f1b8c99d08f7ef70ab4", "e9c82e630504ac360d25e13e9709e91613c8938ec206728d17390d6203d4b9bb", "ea1eb94a1d4164bdc7b1c91b35063fa6638133fed7e84bcb199bf4c59ab0de8a", "ea96356307b323996a6b80644de7f9dc2c3244ce4e1edbb38d3bee33e8fc0fd1", "eafabbccf96d51c31e4c26d0afd2d09408ed5d283ab61e575465cf3de80c62e8", "ebd3102a79a62a16efcf12100e322fab42ea34c88a0bd297eb760b065de628cb", "ebec6ba593346ee5561a768adea4ac71d208f87730d56c12da5ec8dfcdfd685e", "ec15a89aecf7369de7438e3c893bbb84d3b3c73e977428e1cb79f5ac8318cf45", "ec501d5cb02e121f6d2e719352b9b614609186a6c7cf69d8c025d7b34a113ce5", "ec5e81ac33b64df4d81020166597e8b498a9c0cb63841c64e763b325c449ef54", "ec66464fabf3b9a91d9e71d1407ee45087bb556582a1324f44530831fc31e89d", "ed242a19ff0a580df77371d83f0bfc87e92494d9ef28b347028f231a86143599", "ed5367f29417dcef12911c189bde453dac3fc43f139151fb2ac2e691fa99eed2", "ef5d87fd508d9ecdfca9efa5b42148ff9de227679ceb7c67467d7f7ac8f46789", "ef98fbe8a883ffdee7a299c520191da029f8b7b38e954f15f9482794f61048f3", "f033d38548f01ddebe4cbef5087670ea5f07e36fd0e649d3c85528c2feca6972", "f089b393bf974169f56e54fb96dddeade43a24a57e2ea7a314df96c540fff531", "f0e69d7364521fdeafa5987e10d22f2cc237c2fad3ab13efc65ca11c471caf7f", "f14d7326e7b9060e94ec100cd76d0a3469b37006cceccd9b92de1b5431fa21bf", "f1d1cfa27dfcec98ad789d0d107ec62001a8769d8d506c94a05de93e0d0c42fe", "f2317ef3b9fe7a600b6459f79eed4373834808d852e35f3ac7420f78d4f57926", "f4025574abb971f5bdf24f178a9c43f5dda75ffbcef122f81cc40153deb052e4", "f430c7a1a01f83a2042302975d8b4e912e324a6c94a1de09fb39b533d86af846", "f51e52303219dd1500dc7416b3a1c46e54c1bbf3f5bff8847e1b1fb78a64b0b9", "f585543d0fe6f62e211257fa31db547d2badc230284760e01ad06e6a6118383d", "f59e50e8cfe2a279bf85f9ec52309d86650a5d5d4a975a3e7bb75bc158aad616", "f5a7d2d9ddff1f0cd65b7a93836d266e62b0e855117dd8050e191d83f05aee51", "f5c7a8d0a9378324bd63426e772e44f17e7197e6c491ad002e8f68e212575185", "f5ced0437413b2857e3c2f983bfb6befea84c986840ada9347d540781a940284", "f614ee21630b5bb027b115a66d9bc89538fb55d3d1e00286dae576b98a55eab7", "f6579e77ece47f3a469fe79999a5533afc164e66b1e0c9150b86b8e00fe3639f", "f6880229da5e81c1c2b531b62e0736c8add1b8f35ab0e9f591570083e9fae3ef", "f7c9953a12d3125f1b1a7391e9ef1da41ebb0fd13df76e5250a82463c47ee19c", "f8500343161887cd55198c664541eefc77ff864a3baa4fdf7c50bb93dd947af5", "f883ba302d1113d9e3700654a1bf3afd6658e2dd7ec008ce97d5e2fe0fa2044f", "f9697892dcdbb81f93793fb534dcc7dd0985f6788abc393a1dc71dd31708ee6a", "f9a41422d08e7c23f6c89e86c00897c432ff900076220211f3f9897d43ad1a5c", "f9c46f84aefd68c303b86c7b03684b2a74840916356ae4e55f021624746177eb", "f9ec17428a2e0288f0c4e4f2ce786d301b83c9abb266bedc5cd42d15d877b28f", "fa8351f591b655f72bfe2187e08bb7730798337d8123a7e6835bcab659083788", "fe77991e40466e2cf8659ccab494a8e6584f668d249a3a52a9e71886921eee0e", "fea512297b331bedce3147b0b7f87109a2f5ceb74511ed747a2d167ac24238c5", "feffa904815991e018eb9fec1694d6ea58246075976b3ef01cef66a3131d6779", "ff05f3b6bf6d8f6974942943c648999b443a4a433dc1a45f5c6ab50af389ede5", "ff91ad63e9b81cca3d884d9fa8628a1f667db0fce428c5240aa1665ed9d7358f", "ffc7e5dbedf57c8bc2331ed7525d9601a28d2bea0aaf6be37a1c13f8c774e64b", "fffae6adced480ae3ed2d5bada9495bbc20a3b74ccd3bddea8ad21deb3e01d66"], "iocs": {"domain": [{"host": "www[.]millesimalnonremuneration[.]site"}], "file": [{"path": "\\srvsvc"}, {"path": "%WinDir%\\ServiceProfiles\\LocalService\\AppData\\Local\\lastalive0.dat"}, {"path": "%LocalAppData%\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat"}, {"path": "\\lsass"}, {"path": "\\ROUTER"}], "ip": [], "mutex": [{"name": null}, {"name": null}, {"name": null}, {"name": null}, {"name": null}], "registry": [{"key": "<HKCU>\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "value_name": null}, {"key": "<HKLM>\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\INTERNET SETTINGS\\ZONEMAP", "value_name": "ProxyBypass"}, {"key": "<HKCU>\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\LOWREGISTRY", "value_name": "AddToFavoritesInitialSelection"}, {"key": "<HKU>\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "value_name": null}]}}, "Win.Malware.Noon-6854584-0": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "This family is highly malicious and executes other binaries. These samples contact remote servers, upload information collected on the victim's machine and have persistence.", "hashes": ["0943a587d42f975d917bc60f8f005b792bd48eabe54536c61eaef36ee584dcc0", "162872c960b6e48b45ea369bfa3d258eee4f479b4b498e5255fbb4c9c269a267", "371a044bdd6f70866e13bf6390da862b5e50a763237d9f2fbb24819a3d861ac5", "40094d7e1dad49a198122dcbaa478f6ad209195afa1376ad5977e374c798fbb2", "4a412b49a26f49678d097725e5ce59da94264662241ed0b7945cce02f366c033", "734e94e32e2c0418e3216ec25e2065433caf355674867a5d55919079a6ec5938", "760a0c53b23f3d82ff54acb3c49b1fbe2d33d486ad7a8056be3cb7a495391758", "8acfe115a997dc4cb24fcab62c80eef8fd3580c0aa1bb2308e6326069311d0ff", "94969ce153aa5109f92842d9cfd6ff038623bb64b657a60ae0f8499fca60f7b5", "94f746c852afb96875a8099e62d57ab1f8eaddfa440a77f2f76c2123c887ea2a", "a688df4d7ef86c28c5789a1572e7b9cf9f7175fc1432fdf87f168ba7dc9f11fb", "b91b055bacdcaa77c6865ad46679fe9735a6eac0e052419705cd3c9323bf7dac", "c2f2c6ed54f470b887836f0a9cc42faed42503618747b5d843f4b9db448cbcfb", "dbb6046d50ea2889e178e37ec7fb49c247fd2ba48c699562eac6be8acf7ac4d2", "dd2df86722edddf0d95c827fa56a737913cacde56c0d417cd706ee58b99ddb37", "ff4d8ff268c02c8c48808a51aad0cc528fbc23aec709823347cbd03cd74cf80a"], "iocs": {"domain": [{"host": "www[.]klomaxbv[.]com"}, {"host": "www[.]chamberoffortune[.]com"}, {"host": "www[.]holdf[.]com"}, {"host": "www[.]giantbuffalo[.]win"}, {"host": "www[.]quantiz[.]tech"}, {"host": "www[.]ciercglabslush[.]win"}, {"host": "www[.]wcqr[.]info"}, {"host": "www[.]asfloorsolutions[.]com"}, {"host": "www[.]i-executive[.]com"}, {"host": "www[.]saintjohnmarketplace[.]com"}, {"host": "www[.]saintjohnonline[.]com"}], "file": [{"path": "%WinDir%\\win.ini"}, {"path": "%SystemDrive%\\Documents and Settings\\All Users\\Struggleres.exe"}, {"path": "%AllUsersProfile%\\Struggleres.exe"}, {"path": "%AppData%\\30NAO081"}, {"path": "%ProgramFiles% (x86)\\Pkz7dkzi"}, {"path": "%ProgramFiles% (x86)\\Pkz7dkzi\\Cookiesnrqhbx0.exe"}, {"path": "%LocalAppData%\\Temp\\Pkz7dkzi\\Cookiesnrqhbx0.exe"}], "ip": [{"ip": "198[.]187[.]30[.]49"}, {"ip": "69[.]172[.]201[.]218"}, {"ip": "81[.]19[.]145[.]88"}, {"ip": "94[.]46[.]164[.]14"}, {"ip": "98[.]124[.]199[.]103"}], "mutex": [{"name": null}, {"name": null}], "registry": [{"key": "<HKCU>\\SOFTWARE\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\Wow6432Node\\Mozilla\\Mozilla Firefox\\", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\Wow6432Node\\Mozilla\\Mozilla Thunderbird\\", "value_name": null}, {"key": "<HKLM>\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion", "value_name": null}, {"key": "<HKCU>\\SOFTWARE\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", "value_name": null}, {"key": "<HKU>\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "value_name": null}]}}, "Win.Malware.Swisyn-6854761-0": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "This family is packed and has anti-analysis tricks to conceal its behavior. The binaries drop other executables that are executed and try to inject malicious code in the address space of other processes. ", "hashes": ["073fedd91f616c324ba2ed839162c6f6a963afd0a35034e5fc07cbecbbdcb469", "19f91a303132a80a4f929f27c415ecd9dd156313ba425942d1c7fc34ad95a863", "218ff9378f7808cd0085846dcc2564178c632ffec5f7069e2c9963b4be53aecd", "32fbfbf5bb78c2448741bb11a39411b529f025d9069192186556362f530112b9", "394dc1c6011efacd4759251c0449b2fb87a8b4eb001c1b7cf6325ea712207d46", "3a3aa457427f914f24156be2274b348a52d5551ee340e472d21783f7366086b3", "458e2d0b5ef4b6b83c729ff109391a6073c3694765cc9d08e16774f8e82f9de8", "56780c038c42e3d7f71e8f790b5a34fb9a680155d979fd58bc6483843ad6489a", "5e16bfd4bab0dc29173e9a15d6ef6b98c701eba6dd48241c148605f6fc8fb5a7", "6468ae9613dd9fac6ef25cb4afa961c2930c358566019f24a320f7910f29bdb0", "822708cc727fc05d090589e46b6f69cec3b806508bd319557f3d26bd1e686b9c", "8667a433b1e44b529ee76512bf82b666fdedfa3098ad55e36c8668c883202b38", "8ca3fe8ed13101a815d8cca3ee74c7e42da394a822339d419a11d83b18660bb7", "9390e81e988e37d9638ca6a1d2f3c7c1259dbea491173c41ad78782cda620313", "948db0d6b2a45f4ccd9a7bebe08b20c1613c577bf8d0abd0717f1a5c1c7276ad", "b789a641395003148f0d8128e8ae8227e43b6261c50367fb1e55f065d79dd508", "bccb8cbfc7987c8814534d8fbdd9ae01acdfc7b6c987450a769de7e702cfdeb4", "c822b45d0eb29beaba494f6a61fa616ccd4f71c9d823f6705cadb521b18473e1", "e94034199ba3413b2180bdd135a7341b52a293c33b0c45640ba12f6578d3a1e0"], "iocs": {"domain": [], "file": [{"path": "\\srvsvc"}, {"path": "%WinDir%\\ServiceProfiles\\LocalService\\AppData\\Local\\lastalive0.dat"}, {"path": "%LocalAppData%\\CrashDumps"}, {"path": "\\net\\NtControlPipe10"}, {"path": "%LocalAppData%\\Temp\\ZGHVFQ.exe"}, {"path": "%LocalAppData%\\CrashDumps\\e94034199ba3413b2180bdd135a7341b52a293c33b0c45640ba12f6578d3a1e0.exe.1908.dmp"}], "ip": [], "mutex": [{"name": null}, {"name": null}, {"name": null}], "registry": [{"key": "<A>\\{32DE27EC-AB30-11E8-A007-00501E3AE7B5}\\DEFAULTOBJECTSTORE\\IndexTable", "value_name": null}, {"key": "<A>\\{32DE27EC-AB30-11E8-A007-00501E3AE7B5}\\DEFAULTOBJECTSTORE\\LruList", "value_name": null}, {"key": "<A>\\{32DE27EC-AB30-11E8-A007-00501E3AE7B5}\\DEFAULTOBJECTSTORE", "value_name": "_CurrentObjectId_"}, {"key": "<A>\\{32DE27EC-AB30-11E8-A007-00501E3AE7B5}\\DEFAULTOBJECTSTORE\\OBJECTTABLE\\AB5", "value_name": "_ObjectLru_"}, {"key": "<HKLM>\\SYSTEM\\ControlSet001\\Services\\RKREVEAL150", "value_name": null}]}}, "Win.Virus.Expiro-6854765-0": {"category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["0759d83a9d783572b6f1f57399525c8f901ffdb41b536c19e6e70b7764ea8b78", "182fe9f51e9347bae5930e28b842f6b0558dae8bf0b2c108704465b971fcf6bc", "2d2c5852cbe5414ba1a9775295556499f44850e5b8c5162b6a7d9a5a4a877c99", "3de0bb06e54b51c42eebc77788e36675e9ec8bab5b31cba456411e507b80c1eb", "56498da2cafc996346f167c1f1abfd0e6c4011870a6981607b4eaa520eac3f37", "58571a14a78bfe4d51116c1e2a6127446c98a43e4779a769028b84199b349152", "7a72f9e0562311df35d0f40a609aaedaa3027455197180c0c5a931651c1fe600", "8adbf00c308922f3c064644c3ade097501cb2be2e79f77b1b32cfee91f140121", "93dcbe4d4d2bb9f6b0a454312008914485882521ac9ed7fe109cf5e4dd161427", "b3795e744b4ba084946e43e66bb01f05dff180f1302e6219c9f196a220ef7f09", "bcc7a15e9397bf7a58ce3b00bc5cba858738c292f501f376795e7f17fa019325", "ffee8a3dcc7f1eea25d35586024db359dbe4bcd6e8d6ad5aecb55a8b82ee5487"], "iocs": {"domain": [], "file": [{"path": "\\ROUTER"}, {"path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\DW20.EXE"}, {"path": "\\MSOCache\\All Users\\{90140000-0115-0409-0000-0000000FF1CE}-C\\dwtrig20.exe"}, {"path": "\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\ose.exe"}, {"path": "%ProgramFiles%\\Outlook Express\\msimn.exe"}, {"path": "%ProgramFiles%\\Outlook Express\\wab.exe"}, {"path": "\\SfcApi"}, {"path": "%ProgramFiles%\\Java\\jre7\\bin\\java.exe"}, {"path": "%System32%\\tlntsvr.exe"}, {"path": "\\net\\NtControlPipe14"}, {"path": "%ProgramFiles%\\Internet Explorer\\iexplore.exe"}, {"path": "%ProgramFiles%\\Outlook Express\\msimn.vir"}, {"path": "%ProgramFiles%\\Outlook Express\\wab.vir"}, {"path": "%System32%\\narrator.exe"}, {"path": "%System32%\\utilman.exe"}], "ip": [], "mutex": [{"name": null}, {"name": null}, {"name": null}, {"name": null}, {"name": null}, {"name": null}], "registry": [{"key": "<HKCU>\\Software", "value_name": null}, {"key": "<HKCU>\\Software\\Microsoft\\SystemCertificates\\MY", "value_name": null}, {"key": "<HKCU>\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", "value_name": null}, {"key": "<HKU>\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "value_name": null}, {"key": "<HKU>\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", "value_name": null}, {"key": "<HKU>\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", "value_name": null}, {"key": "<HKLM>\\SOFTWARE\\Microsoft\\Internet Explorer\\Setup", "value_name": null}]}}, "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2019-02-15T16:59:28+00:00", "version": "1.0", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Virus.Expiro-6854765-0", "Win.Malware.Swisyn-6854761-0", "Win.Dropper.Ribaj-6855378-0", "Doc.Malware.Valyria-6855449-0", "Win.Malware.Cgok-6854725-0", "Win.Malware.Noon-6854584-0"]}