{"Doc.Dropper.Emotet-7181950-0": {"category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Emotet is a banking trojan that has remained relevant due to its continual evolution to better avoid detection. It is commonly spread via malicious emails. It recently resurfaced after going quiet over the summer of 2019.", "hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "iocs": {"domain": [{"hashes": ["16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51"], "host": "themodifiedzone[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "host": "www[.]pics4game[.]com"}, {"hashes": ["2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783"], "host": "www[.]creativespad[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "smtpout[.]secureserver[.]net"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "smtp[.]secureserver[.]net"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]secureserver[.]net"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]apnabazar[.]co[.]in"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "smtp[.]1and1[.]es"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "smtp[.]mail[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "pop[.]secureserver[.]net"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "secure[.]emailsrvr[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]heraldsopenaccess[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]heraldsopenaccess[.]us"}, {"hashes": ["26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "smtp[.]mail[.]me[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "pop3[.]telkomsa[.]net"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "smtp[.]telkomsa[.]net"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "outlook[.]office365[.]com"}, {"hashes": ["2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "smtp[.]orange[.]fr"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "remote[.]jubileelife[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]keycargroup[.]es"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "server[.]isnstores[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "mail[.]r10networks[.]com"}, {"hashes": ["4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "smtp-mail[.]outlook[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "smtp[.]comcast[.]net"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]rediffmailpro[.]com"}, {"hashes": ["26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "mail[.]asia[.]secureserver[.]net"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "smtp[.]wp[.]pl"}, {"hashes": ["2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05"], "host": "mail[.]a1[.]net"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f"], "host": "smtp[.]mail[.]att[.]net"}, {"hashes": ["26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "exmail[.]emirates[.]net[.]ae"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "mail[.]spaceworld[.]in"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05"], "host": "smtp[.]op[.]pl"}, {"hashes": ["26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]hyundaikzn[.]co[.]za"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05"], "host": "smtp[.]interia[.]pl"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05"], "host": "mail[.]accordsynergy[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "smtp[.]dpoczta[.]pl"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05"], "host": "smtp[.]sfr[.]fr"}, {"hashes": ["3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "mail[.]tracon[.]com[.]pk"}, {"hashes": ["4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]telefonica[.]net"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]liwogroup[.]com[.]my"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "host": "mail[.]wodonga-golf[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "imap[.]wodonga-golf[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]spen[.]co[.]th"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77"], "host": "mail[.]educonslt[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "pop[.]bizwearjamaica[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]powerlinemultiservicios[.]com"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f"], "host": "imap[.]kovalam[.]es"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "correo[.]planalfa[.]es"}, {"hashes": ["3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]mbvgroup[.]co[.]za"}, {"hashes": ["4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "host": "mail[.]kmpe[.]com[.]au"}], "file": [{"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "path": "%LOCALAPPDATA%\\Microsoft\\Schemas\\MS Word_restart.xml"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "path": "%TEMP%\\0.7055475.js"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "path": "%TEMP%\\<random, matching '[a-z]{3}[A-F0-9]{3,4}'>.tmp"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e"], "path": "%System32%\\adjustmove.exe (copy)"}, {"hashes": ["471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783"], "path": "%SystemRoot%\\SysWOW64\\yellowreportsb.exe"}, {"hashes": ["afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "path": "%SystemRoot%\\SysWOW64\\<random, matching '[a-zA-Z0-9]{4,19}'>.exe"}, {"hashes": ["1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a"], "path": "%TEMP%\\inq6vpuc4.exe"}, {"hashes": ["1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571"], "path": "%TEMP%\\llh1np4ba.exe"}, {"hashes": ["298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8"], "path": "%TEMP%\\x5ra7abr9.exe"}, {"hashes": ["1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732"], "path": "%TEMP%\\tlcebiev2.exe"}, {"hashes": ["4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67"], "path": "%TEMP%\\qy2w0i9c1.exe"}, {"hashes": ["7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c"], "path": "%TEMP%\\jrtj6nk6o.exe"}, {"hashes": ["7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9"], "path": "%TEMP%\\fe2zt4mrb.exe"}, {"hashes": ["86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd"], "path": "%TEMP%\\zmmkb0j7x.exe"}, {"hashes": ["2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77"], "path": "%TEMP%\\ns8q8axim.exe"}, {"hashes": ["857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355"], "path": "%TEMP%\\s1ucq6p8d.exe"}, {"hashes": ["471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb"], "path": "%TEMP%\\fxmnkq4qt.exe"}, {"hashes": ["807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4"], "path": "%TEMP%\\4l4u8k8s6.exe"}, {"hashes": ["a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e"], "path": "%TEMP%\\lvn7pj1tq.exe"}, {"hashes": ["beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380"], "path": "%TEMP%\\qz03ja0fx.exe"}, {"hashes": ["dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2"], "path": "%TEMP%\\o2a6n5yed.exe"}, {"hashes": ["b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883"], "path": "%TEMP%\\h04mv88ph.exe"}, {"hashes": ["4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9"], "path": "%TEMP%\\9m0sfw639.exe"}, {"hashes": ["7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0"], "path": "%TEMP%\\waymo412t.exe"}, {"hashes": ["aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81"], "path": "%TEMP%\\9611f6amr.exe"}, {"hashes": ["afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd"], "path": "%TEMP%\\500wscq7u.exe"}, {"hashes": ["89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b"], "path": "%TEMP%\\z1n6ugc3o.exe"}, {"hashes": ["eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51"], "path": "%TEMP%\\xyttqbac9.exe"}, {"hashes": ["ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f"], "path": "%TEMP%\\bvtodh6q4.exe"}, {"hashes": ["fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "path": "%TEMP%\\bj5mz58yf.exe"}, {"hashes": ["e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783"], "path": "%TEMP%\\6e9vjeorp.exe"}, {"hashes": ["c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee"], "path": "%TEMP%\\shpba8lxr.exe"}, {"hashes": ["26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2"], "path": "%TEMP%\\rodaxhc49.exe"}, {"hashes": ["c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "path": "%TEMP%\\aoj9v2b6o.exe"}, {"hashes": ["4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05"], "path": "%TEMP%\\akasf7a5h.exe"}, {"hashes": ["ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7"], "path": "%TEMP%\\8pahgt5u4.exe"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd"], "path": "%TEMP%\\uojcitjqv.exe"}, {"hashes": ["ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "path": "%TEMP%\\bn76qdls6.exe"}, {"hashes": ["3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f"], "path": "%TEMP%\\eg87wlso7.exe"}], "ip": [{"hashes": ["16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51"], "ip": "181[.]123[.]0[.]125"}, {"hashes": ["16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51"], "ip": "18[.]217[.]99[.]164"}, {"hashes": ["16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51"], "ip": "119[.]159[.]150[.]176"}, {"hashes": ["16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51"], "ip": "80[.]240[.]141[.]141"}, {"hashes": ["16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51"], "ip": "184[.]69[.]214[.]94"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "ip": "186[.]75[.]241[.]230"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "ip": "124[.]240[.]198[.]66"}, {"hashes": ["2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783"], "ip": "209[.]182[.]195[.]22"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "173[.]194[.]68[.]108/31"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "69[.]43[.]168[.]232"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee"], "ip": "104[.]31[.]71[.]182"}, {"hashes": ["471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783"], "ip": "110[.]36[.]234[.]146"}, {"hashes": ["471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783"], "ip": "197[.]211[.]244[.]6"}, {"hashes": ["471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783"], "ip": "125[.]99[.]61[.]162"}, {"hashes": ["471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783"], "ip": "115[.]88[.]70[.]226"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "207[.]204[.]50[.]44"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "217[.]116[.]0[.]228"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "162[.]251[.]80[.]26"}, {"hashes": ["26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "ip": "104[.]31[.]70[.]182"}, {"hashes": ["3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "72[.]167[.]238[.]29"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "ip": "74[.]208[.]5[.]15"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "196[.]25[.]211[.]150"}, {"hashes": ["26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "17[.]36[.]205[.]74"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "ip": "217[.]116[.]0[.]237"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "148[.]72[.]198[.]247"}, {"hashes": ["2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "ip": "173[.]194[.]175[.]108/31"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "ip": "208[.]91[.]199[.]224/31"}, {"hashes": ["471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783"], "ip": "162[.]144[.]47[.]94"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05"], "ip": "212[.]227[.]15[.]158"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "64[.]26[.]60[.]229"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "64[.]98[.]36[.]5"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "ip": "86[.]96[.]229[.]29"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "ip": "216[.]194[.]171[.]230"}, {"hashes": ["26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "52[.]96[.]15[.]178"}, {"hashes": ["26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "41[.]185[.]13[.]221"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "ip": "208[.]115[.]125[.]108"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "144[.]217[.]253[.]51"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "54[.]66[.]138[.]103"}, {"hashes": ["2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "129[.]232[.]251[.]13"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "ip": "82[.]223[.]190[.]138/31"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9"], "ip": "98[.]136[.]96[.]82/31"}, {"hashes": ["3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "74[.]6[.]141[.]44/30"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "103[.]215[.]136[.]96"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77"], "ip": "54[.]39[.]145[.]62"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "203[.]147[.]24[.]51"}, {"hashes": ["26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416"], "ip": "67[.]195[.]228[.]98/31"}, {"hashes": ["1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4"], "ip": "190[.]108[.]228[.]48"}, {"hashes": ["1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4"], "ip": "212[.]129[.]24[.]82"}, {"hashes": ["7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783"], "ip": "41[.]185[.]29[.]128"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1"], "ip": "85[.]118[.]245[.]10"}], "mutex": [{"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "name": "Global\\I98B68E3C"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "name": "Global\\M98B68E3C"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e"], "name": "Global\\M3C28B0E4"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e"], "name": "Global\\I3C28B0E4"}], "registry": [{"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\FILEEXTS\\.JS\\OPENWITHPROGIDS", "value_name": "JSFile"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\FILEEXTS\\.JS", "value_name": null}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\FILEEXTS\\.JS\\OPENWITHPROGIDS", "value_name": null}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\FILEEXTS\\.JS\\OPENWITHLIST", "value_name": null}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Name"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Path"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": "Extensions"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Name"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Path"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": "Extensions"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Name"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Path"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": "Extensions"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\YELLOWREPORTS", "value_name": "Type"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\YELLOWREPORTS", "value_name": "Start"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\YELLOWREPORTS", "value_name": "ErrorControl"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\YELLOWREPORTS", "value_name": "ImagePath"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\YELLOWREPORTS", "value_name": "DisplayName"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\YELLOWREPORTS", "value_name": "WOW64"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\YELLOWREPORTS", "value_name": "ObjectName"}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS", "value_name": null}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT", "value_name": null}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\RECOVER", "value_name": null}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WRDPRFCTDOS", "value_name": null}, {"hashes": ["04506f92dbebbdad34850d0344014c9acf170a1f532660d18512975d62756fbd", "16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1b5fd4653bdbb88ef0615c3a4b38e642630fddfd738ceafb893b6c860beb117a", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "1f8d4a7a30a8f819c87095b98c10328764b56a877915105815442f4192804571", "26706d48f23fdb7c40aca350271921e8050870ce4f6d957d94ad308dd3f409a2", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "2b05fd27faf1cc06b2db7e25b67e19ce5ff5c7852e61bf122eaae92345b54a77", "2e8ec9034066e25159978c9c8429e0b2762a2e193a48a0d14fe5a45518c5b5a8", "3643f64d1633ebca53e1f94f6aba030cc495b68942b532afae9c74f8016d631f", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "471ebd4880bf8cfee1920152ea36f170cf9331f37e45bf52f5b9bcfcbd326ffb", "4781987ed5962518144b03612044b8dea7e5a29107a2ad2f7a2c0738313586ee", "4e2f28c6260342e1d56264f6cb861d81987fff70905700660034a240c59d75d9", "4ebd8502f68223342be072867f79338fb13dfe6b68b209bfdb27f5effef40d05", "5fae5b96569a4759bd5cc6494b24edef1639bcc28ed105bc3eb8f9fa09bca4c9", "7362434686fb62fe3ce77a4ea84886f0f82768112b6f9832cc86bbdfc83bdef9", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "807cfe5cb5d6075af492a911fd096b0a3705f9fe7cd0a7263d94e4efa21a50f4", "857f05b3df88059eeeaecea4da6901ad6e45e5cbb9be21d1ae7d17b946cba355", "89763a9eefa6606d925392aa2718facb16958916ee2564025edcd1d74712536b", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "ac6ae597ee585fe8c47af74751418f3ab937fbf51e0298412a1f3aca3e43b416", "ae26dd6f5a6d2f628b048762985bb6566a003fc6e03fba25027b605b3bfda69f", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "beed332573149ca7ff4138148152bba65bae0cc701a783c19641103b3bf33380", "c024fdadb41d093241451ef0112aeea49788e8738ffc70e8e415426f8139f8f1", "c5d8d15fce148a9f97d4952698603fadd8d99663a826c343c58c3f1b28f36bee", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "e93944ae26a54ee4e85c505cca1e1423d01722bf332634266a2f0685146b2783", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51", "fda24b342e93cdd488a5061294a526ffd7ce0d06682fe15b3c025ca3a0aa248a"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\OFFICE\\14.0\\WORD\\TEXT CONVERTERS\\IMPORT\\WORDPERFECT6X", "value_name": null}, {"hashes": ["16a9929e17b9fcc99f8d2eb5ec86b365239b0f957b187594f77319540ce5e5f1", "1be7caaba5194edf4387892d03521e968be5fa4b784a833b0c6321285694a660", "1cfe976389fe9d737b7419de0fac59fa4dce4e78c73714124b1689011e3ce732", "298762d4a2ff39b2de5427c13ff95e75a4f4ac07b5f64c46d82ee1043fc52ed8", "4331d5382007c68ac994c5a45e86985d8fcde1fb478aa69b394a19058d807f67", "7c067959175e72df745b86f91dd1fa402f4b3b3c0ad17ca70b77a1f6185a285c", "7d06e0759eafca0709823dadb15c5d37c7a3cada38bad9bcb4ca678d3895bfb0", "86c47685c49f4d0cec1c54b0b6cc8247ebd8c17b01a63da2ac19c0b02d426ebd", "a0703d7150ce06752f04e53ea2ad6f102551e1bdb8588fdc2e6bf90668e1de7e", "aa5939a419865b42f07bba0e5b344675bc51edf1cd793336ce2f53aa8450ce81", "afb17855bfe0728490e1c7b0ddcd7c5f11c6aed66530929a7f2665b4cf0dc9cd", "b86daffde7bc6fe271ac0ba32f6dda345b712ff95b90adcf77eeb8e26556d883", "dd6e1775d250540b67d65432b5e14304c8db6b9656b6c05147f9668d3a4a7af2", "ea189ff2f4e5009ff86fde8b424fe719aebc45d09e026f18e1a7c9bacceea7a7", "eb6febc1ad3e0558c56597f62c9df9cc3f8a3f00c9190e4891835f97c3097e51"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\SYSTEMCERTIFICATES\\AUTHROOT\\CERTIFICATES\\DAC9024F54D8F6DF94935FB1732638CA6AD77C13", "value_name": "Blob"}]}}, "Win.Dropper.Cerber-7192026-0": {"category": "Dropper", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": false, "WSA": false}, "description": "Cerber is ransomware that encrypts documents, photos, databases and other important files. Historically, this malware would replace files with encrypted versions and add the file extension \".cerber,\" although in more recent campaigns, this is no longer the case.", "hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "iocs": {"domain": [{"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "host": "ipinfo[.]io"}], "file": [{"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%TEMP%\\# DECRYPT MY FILES #.html"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%TEMP%\\# DECRYPT MY FILES #.txt"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%TEMP%\\# DECRYPT MY FILES #.url"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%TEMP%\\# DECRYPT MY FILES #.vbs"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%HOMEPATH%\\# DECRYPT MY FILES #.html"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%HOMEPATH%\\# DECRYPT MY FILES #.txt"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%HOMEPATH%\\# DECRYPT MY FILES #.url"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%HOMEPATH%\\# DECRYPT MY FILES #.vbs"}, {"hashes": ["4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\Magnify.lnk"}, {"hashes": ["4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\Magnify.exe"}, {"hashes": ["4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a"], "path": "%System32%\\Tasks\\Magnify"}, {"hashes": ["561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\wusa.lnk"}, {"hashes": ["561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\wusa.exe"}, {"hashes": ["561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636"], "path": "%System32%\\Tasks\\wusa"}, {"hashes": ["b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4"], "path": "%System32%\\Tasks\\mtstocom"}, {"hashes": ["185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\odbcconf.lnk"}, {"hashes": ["185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\odbcconf.exe"}, {"hashes": ["84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\netbtugc.lnk"}, {"hashes": ["84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\netbtugc.exe"}, {"hashes": ["4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\expand.lnk"}, {"hashes": ["4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\expand.exe"}, {"hashes": ["1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\AdapterTroubleshooter.lnk"}, {"hashes": ["1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\AdapterTroubleshooter.exe"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259"], "path": "%System32%\\Tasks\\autoconv"}, {"hashes": ["b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064"], "path": "%System32%\\Tasks\\DeviceProperties"}, {"hashes": ["b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\DeviceProperties.lnk"}, {"hashes": ["b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\DeviceProperties.exe"}, {"hashes": ["185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109"], "path": "%System32%\\Tasks\\odbcconf"}, {"hashes": ["3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%System32%\\Tasks\\mshta"}, {"hashes": ["3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\mshta.lnk"}, {"hashes": ["3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\mshta.exe"}, {"hashes": ["b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\eudcedit.lnk"}, {"hashes": ["b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\eudcedit.exe"}, {"hashes": ["d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\cliconfg.lnk"}, {"hashes": ["d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\cliconfg.exe"}, {"hashes": ["3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4"], "path": "%System32%\\Tasks\\perfmon"}, {"hashes": ["5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613"], "path": "%System32%\\Tasks\\WerFaultSecure"}, {"hashes": ["4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07"], "path": "%System32%\\Tasks\\expand"}, {"hashes": ["1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4"], "path": "%System32%\\Tasks\\AdapterTroubleshooter"}, {"hashes": ["70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\FlashPlayerApp.lnk"}, {"hashes": ["70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\FlashPlayerApp.exe"}, {"hashes": ["d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "path": "%System32%\\Tasks\\cliconfg"}, {"hashes": ["b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8"], "path": "%System32%\\Tasks\\eudcedit"}, {"hashes": ["70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed"], "path": "%System32%\\Tasks\\FlashPlayerApp"}, {"hashes": ["84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64"], "path": "%System32%\\Tasks\\netbtugc"}, {"hashes": ["cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\LocationNotifications.lnk"}, {"hashes": ["cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483"], "path": "%APPDATA%\\{6F885251-E36F-0FE6-9629-63208157D7A2}\\LocationNotifications.exe"}, {"hashes": ["cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483"], "path": "%System32%\\Tasks\\LocationNotifications"}], "ip": [{"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "ip": "31[.]184[.]234[.]0/25"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85"], "ip": "216[.]239[.]34[.]21"}, {"hashes": ["185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "ip": "216[.]239[.]32[.]21"}, {"hashes": ["1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064"], "ip": "216[.]239[.]36[.]21"}, {"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8"], "ip": "216[.]239[.]38[.]21"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "ip": "54[.]88[.]175[.]149"}], "mutex": [{"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "name": "shell.{381828AA-8B28-3374-1B67-35680555C5EF}"}, {"hashes": ["3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "name": "shell.{785F99DE-E95E-3921-EE78-D7777849AA01}"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259"], "name": "shell.{967822DD-7042-E624-BEA7-C7EF520E90F5}"}, {"hashes": ["3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4"], "name": "shell.{A92873EC-3840-982A-DA5D-DDDC12AA8495}"}], "registry": [{"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\EXPLORER", "value_name": "Run"}, {"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\COMMAND PROCESSOR", "value_name": "AutoRun"}, {"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "key": "<HKCU>\\CONTROL PANEL\\DESKTOP", "value_name": "SCRNSAVE.EXE"}, {"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "key": "<HKCU>\\PRINTERS\\DEFAULTS\\{21A3D5EE-E123-244A-98A1-8E36C26EFF6D}", "value_name": null}, {"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15", "1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259", "185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109", "1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4", "3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4", "3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c", "4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07", "503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02", "561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a", "6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200", "70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed", "84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64", "999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0", "a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c", "a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636", "b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064", "b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4", "b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8", "bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85", "cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483", "d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "key": "<HKCU>\\PRINTERS\\DEFAULTS", "value_name": null}, {"hashes": ["4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Magnify"}, {"hashes": ["4574e5aeda39aadfadb399654d2a6db00884be85b0882fb0acc4dbf14153ca0e", "65afc018d8cdcc9ec4756e98000265e3ecc3e394b7e5d493dfd6d106cc15118a"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "Magnify"}, {"hashes": ["561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "wusa"}, {"hashes": ["561caadf62f59ee8dfd6d9c97e5692875458c55b3e2d53ba43e9496c40ee0824", "a8fe11512ba3e48b178ad9ef994f48ec581394e69cbdb808f15c1432a762c636"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "wusa"}, {"hashes": ["cc1efac0bf7786ea4bbd4963d78aee4498e034dd778adce6977eca3d78666483"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "LocationNotifications"}, {"hashes": ["70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "FlashPlayerApp"}, {"hashes": ["70b5c51e692dcd2f432c05170f7f823fdfd5b6857267117a92fe9d358a7026ed"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "FlashPlayerApp"}, {"hashes": ["6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "DWWIN"}, {"hashes": ["6971a5b1aa7e57abad2939f4be1a92651ea7ac12251b804ae17f2ecb1e1bf200"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "DWWIN"}, {"hashes": ["3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mshta"}, {"hashes": ["3c7e1a50d31138b53165e98d7bc2ba570304359bb4f7baab7ded17cc3fb3bc4c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "mshta"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "autoconv"}, {"hashes": ["1736c692db984e5ceb7e15a127f2478400a78c30785fd3c195ae4d9468b80259"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "autoconv"}, {"hashes": ["bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "RMActivate_isv"}, {"hashes": ["bd68985801dd6b820c3a0c21883aa4ace809b2a62cbba278ac3a4d53166bcf85"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "RMActivate_isv"}, {"hashes": ["a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "eventcreate"}, {"hashes": ["a80ace30082b76edb75d6c9a4f9165af721a8f8b13ac0862bc438589e0af01bd"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "eventcreate"}, {"hashes": ["999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "w32tm"}, {"hashes": ["999a1e5659ac864771ad420c7cad50de5b5118adb5abb80ffe18ad28c932f5a0"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "w32tm"}, {"hashes": ["84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "netbtugc"}, {"hashes": ["84a45eec021015ee2eeb5acb7251f3c50c626b41bf47b8fce7c822253e175c64"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "netbtugc"}, {"hashes": ["1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "AdapterTroubleshooter"}, {"hashes": ["1da732e9670f73e980723ea167abb29c5b553603c3804ec4bb9a03a4d506e8a4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "AdapterTroubleshooter"}, {"hashes": ["503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "MuiUnattend"}, {"hashes": ["503baff89f763142c5b49a527972c7119be3f95fcc8cc2a1cde8bb71fd76cd02"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "MuiUnattend"}, {"hashes": ["5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "WerFaultSecure"}, {"hashes": ["5dbfa76bd1edb0ae7a516a08c760e2234506d64ae7c905f8e0e8830d74ef8613"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "WerFaultSecure"}, {"hashes": ["3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "perfmon"}, {"hashes": ["3a6ca5a46ac5ac3ef7972b22e2fa5cdc4af2e137150691ed1b7a15b1ce9030a4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "perfmon"}, {"hashes": ["b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "DeviceProperties"}, {"hashes": ["b1e46c28ddff91c0d586933b500ce29bcf83fc094864c4227b6e70fa1981f064"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "DeviceProperties"}, {"hashes": ["a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "openfiles"}, {"hashes": ["a51de392aae3ade74991dd86b1d205c2cc5ecb0752cac2a02c95d61ff14a558c"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "openfiles"}, {"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "at"}, {"hashes": ["151143935c4283f66a837eca1761400ab0573929e04217a5be0286b28eeb9d15"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "at"}, {"hashes": ["b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "mtstocom"}, {"hashes": ["b7cf83e8596736ced202a1de5e67fbaa5bdf9074697d548fdd83800802732ec4"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "mtstocom"}, {"hashes": ["4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "expand"}, {"hashes": ["4e242ff308fc31ada637861fed73373c30eb2d5ecfda92760498fcbe30a9bb07"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "expand"}, {"hashes": ["b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "eudcedit"}, {"hashes": ["b8c85a34ed5ccfe058c8ba65606add1efdcfe694d0f32e6b91e4b977da1392a8"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "eudcedit"}, {"hashes": ["185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "odbcconf"}, {"hashes": ["185f85a2fbc3e27f87b099ff50a1f03f89e724e7927ec9edac4c4416dc87c109"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "odbcconf"}, {"hashes": ["d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "cliconfg"}, {"hashes": ["d3080983742d3deacdbc53a43b1482cfe1573ec8d957fba0f456a676dca3bd90"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUNONCE", "value_name": "cliconfg"}]}}, "Win.Malware.Neurevt-7192122-0": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Neurevt, also known as BetaBot, is a remote access trojan that employs multiple anti-debug and anti-analysis techniques to attempt to avoid detection.", "hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5", "00e830529982d3b12b63616473f8e77b1e9f59d26d7464a916ab4ccb7d252338", "0f9b382f50574eb1da03ab59cc0138d0cdddbcccdbf4fb04377235377e2bce60", "19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55", "205a780668f504064a7a326217529d3dd585fefe2c91b9ee141aa0c0411c88d6", "2252337eb1ee8bfcdc05cdd90533c4f9c73326c3c38438730feffb47a67dde13", "228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc", "23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "2b55f40e873b564258185612ea6518761ab9393f271d1acd3908d65dda91c3f2", "2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49", "48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1", "514e41ef73aa0e6b581168304fc5e4c11a81706d4a00e8dadd8c5e604493e85f", "5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "c1a5a44d0a9e5217bd0e321b3f23efa089fc969ee9a1f6a1292c40e7b896a62a", "c322930c96c9ced13fa0a0cd908f13ccf78746ca90efbfd350fe430d5050342e", "cdb6c076c2f01b39bc396e3a2796afabd7aa4a34b459c2325da1baa1428e0772", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084", "dacca7e30bb1f19c0c1d468a62ee77ed94eeea7a80b743597bfbdd60548361aa", "e0f77050a65697e8df1bd4177212dc9d9a40a22ad5720dfb8eff9952c53dc1ac", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4", "fb0cc2749ea1a6161d95d842138158a5e7bcb7de547261bbdf3fa9d4065b2e05", "fd1711659a756fe5e112e5218cca00d2e56e049794268d929725754b4270c5e1"], "iocs": {"domain": [{"hashes": ["ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34"], "host": "update-silo[.]com"}, {"hashes": ["ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34"], "host": "frizzcams[.]com"}, {"hashes": ["ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34"], "host": "fapncam[.]com"}, {"hashes": ["8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35"], "host": "theafam[.]info"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "host": "pl1[.]co[.]vu"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "host": "kasn5[.]name"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "host": "up-windows[.]in"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "host": "myssfii[.]eu"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "host": "emicrosoft[.]eu"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "host": "allegro[.]ga"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "host": "frky7[.]name"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "host": "marklou1[.]eu"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "host": "s1allegro[.]net"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]dqwjnewkwefewaaaaa3[.]com"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "fe298c697c247af42926ae65f504cbab[.]380d71f68b776c687229362c8017cfd4[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]2uandmearevideos2k2[.]com"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "e4afed3b6057875d3cab2c8acadf19b0[.]9079efdb6bd50d249cecbf60d0cf8a59[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]12thegamejuststarted10k12[.]com"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "9f1338aaa955b14adce82b28456563dd[.]8e38e1a12b675dd8ad0879ac9df9dd43[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "0a3871225132117b6a5a3ca80e3637e7[.]bd822b74f0f09fe15387a4e573dfd4b8[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "5fa5dd9e6db7852950c1d75652840205[.]d30bfb82739133ccfd1a869f816afd1e[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "a289b7027c3a8ccd97e35492ec62c4a7[.]79c70407c7e6ecfca660191065cb2e91[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "82ffe6077d09c53372a2f4177b3a00fd[.]2418805ba4dbdf2b323c3ee2d28fd899[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]6worldwipemek6[.]com"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "ce5ccbd7434dc4f3e00d5d615c8f1cfe[.]f919bc55f255fc49078e2b0e54e60b5e[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "e17c03fa7401724be533fe1bf9fe63fb[.]63cf80283a4665780fb078689650eaf8[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "a4f88eb3035fbd80315c0cc85e6569d7[.]dc6cc18eb770e294780d2df6e9b080e1[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "f7241de88559b4c4ee04186eb7b5665a[.]09b6a496019df0a4d4f41350ad485971[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "cdcd72629e86db4377174fcc3efd90e9[.]cf80d575bca945e28bae674c0c3033cf[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "e345e1c9d19e89f6d6fc3b24d63469d8[.]c2a98636f01f4fa32c629362faca0332[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "2781aeced7e729029c98054cb35ccbd4[.]0a8d4d666dbfe305588b29d8f566e568[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "c5dd37c3e7194ecef7511990ba5ecc0b[.]ccc9dd7d1d9274e31750b90997e59924[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "9dd3c991faa99e740d7b96202ebe8d0d[.]8f41895b4b34f041f9dd2b06cfe41d49[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "01cbb860b9824c11e3be0fabd031a71e[.]59fed9742cca3ec26799e609607be1ac[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]dqwjnewkwefewaaaaa6[.]com"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]8thegamejuststarted13k8[.]com"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "d4bd70cebcc1932a26f7404a71eea200[.]94fe83fc9d946818b20d023bd0f80424[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]5dietmydartk5[.]com"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "7537bd6edaa59e3b08835669ac06b519[.]aa09b6e35d3b21e5be54c95a9b6ddfca[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]dqwjnewkwefewaaaaa4[.]com"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "a141634cf03031e4f615ef5f430907dd[.]b7d2e2844914789bbcd45aa7bcb8327f[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]11thegamejuststarted12k11[.]com"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "11d89d0691d18be507c5f1949ad97076[.]d03d82456be143538484f440aa7b38e8[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "e3fb0874dfb038bde89736a38fd6373e[.]4cf414f09733735efbe5dad8d4f1f2c6[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]3stop2teasemek3[.]com"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "25a7a224f346224b3970e770322d1a82[.]9c20370e3481f3c12a87b363a68c0bb8[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "5e3d88b9ea8a64725add168a6490dd96[.]31eb139044cd6fcbbd76e94cf1745f85[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "a65814c62b56d35287c7af196f8106b3[.]d7b4b7fa2f6c1c2ec4b68986ce3e9bc0[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "230a97c7087e0bb2df27ecb7adf4e95b[.]95c4fa88209c121c74eda8f0b6daf31a[.]sink1[.]doombringer[.]pw"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "host": "b[.]4pixartzonek4[.]com"}], "file": [{"hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5", "1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55", "228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc", "23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1", "5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "c1a5a44d0a9e5217bd0e321b3f23efa089fc969ee9a1f6a1292c40e7b896a62a", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4", "fd1711659a756fe5e112e5218cca00d2e56e049794268d929725754b4270c5e1"], "path": "%HOMEPATH%\\My Documents\\My Videos\\Desktop.ini"}, {"hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5", "0f9b382f50574eb1da03ab59cc0138d0cdddbcccdbf4fb04377235377e2bce60", "1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55", "228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc", "23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49", "48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1", "5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8", "714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa", "c1a5a44d0a9e5217bd0e321b3f23efa089fc969ee9a1f6a1292c40e7b896a62a", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084", "dacca7e30bb1f19c0c1d468a62ee77ed94eeea7a80b743597bfbdd60548361aa", "fd1711659a756fe5e112e5218cca00d2e56e049794268d929725754b4270c5e1"], "path": "%System32%\\Tasks\\Windows Update Check - 0x00000000"}, {"hashes": ["714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084"], "path": "%ProgramData%\\riaiccape"}, {"hashes": ["714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084"], "path": "%ProgramData%\\riaiccape\\desktop.ini"}, {"hashes": ["23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49"], "path": "%ProgramData%\\ubvhynpxh"}, {"hashes": ["23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49"], "path": "%ProgramData%\\ubvhynpxh\\desktop.ini"}, {"hashes": ["2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa"], "path": "%ProgramData%\\hemxccape"}, {"hashes": ["2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa"], "path": "%ProgramData%\\hemxccape\\desktop.ini"}, {"hashes": ["8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51"], "path": "%ProgramData%\\randomfolder\\desktop.ini"}, {"hashes": ["1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55"], "path": "%ProgramData%\\rpeulaaql\\desktop.ini"}, {"hashes": ["5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8"], "path": "%ProgramData%\\odoaztybt\\desktop.ini"}, {"hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5"], "path": "%ProgramData%\\mwvaztybt\\desktop.ini"}, {"hashes": ["48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1"], "path": "%ProgramData%\\safpdndnn\\desktop.ini"}, {"hashes": ["699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5"], "path": "%ProgramData%\\Javaupdate\\desktop.ini"}, {"hashes": ["699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5"], "path": "%System32%\\Tasks\\Windows Update Check - 0x6EDA084A"}, {"hashes": ["97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553"], "path": "%ProgramData%\\dtdasndku\\desktop.ini"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "path": "%ProgramData%\\Winrar_Update\\desktop.ini"}, {"hashes": ["8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35"], "path": "%System32%\\Tasks\\Windows Update Check - 0x6E3308B1"}, {"hashes": ["0f9b382f50574eb1da03ab59cc0138d0cdddbcccdbf4fb04377235377e2bce60"], "path": "%ProgramData%\\omylcqksw\\desktop.ini"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "path": "%System32%\\Tasks\\Windows Update Check - 0x5FF907D6"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "path": "%ProgramData%\\svchost\\desktop.ini"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "path": "%System32%\\Tasks\\Windows Update Check - 0x19CF045A"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "path": "%System32%\\Tasks\\Windows Update Check - 0x0E7302EC"}, {"hashes": ["228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc"], "path": "%ProgramData%\\skskjbpjx\\desktop.ini"}], "ip": [{"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4"], "ip": "239[.]255[.]255[.]250"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4"], "ip": "52[.]185[.]71[.]28"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "ip": "208[.]100[.]26[.]251"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "ip": "40[.]76[.]4[.]15"}, {"hashes": ["8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35"], "ip": "20[.]41[.]46[.]145"}, {"hashes": ["ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34"], "ip": "40[.]67[.]189[.]14"}, {"hashes": ["ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34"], "ip": "94[.]130[.]148[.]39"}, {"hashes": ["69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3"], "ip": "176[.]56[.]236[.]180"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "ip": "143[.]215[.]215[.]205"}], "mutex": [], "registry": [{"hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5", "0f9b382f50574eb1da03ab59cc0138d0cdddbcccdbf4fb04377235377e2bce60", "19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55", "228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc", "23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49", "48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1", "5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "c1a5a44d0a9e5217bd0e321b3f23efa089fc969ee9a1f6a1292c40e7b896a62a", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084", "dacca7e30bb1f19c0c1d468a62ee77ed94eeea7a80b743597bfbdd60548361aa", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4", "fd1711659a756fe5e112e5218cca00d2e56e049794268d929725754b4270c5e1"], "key": "<HKCU>\\SOFTWARE\\WIN7ZIP", "value_name": "Uuid"}, {"hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5", "0f9b382f50574eb1da03ab59cc0138d0cdddbcccdbf4fb04377235377e2bce60", "19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55", "228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc", "23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49", "48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1", "5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "c1a5a44d0a9e5217bd0e321b3f23efa089fc969ee9a1f6a1292c40e7b896a62a", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084", "dacca7e30bb1f19c0c1d468a62ee77ed94eeea7a80b743597bfbdd60548361aa", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4", "fd1711659a756fe5e112e5218cca00d2e56e049794268d929725754b4270c5e1"], "key": "<HKCU>\\SOFTWARE\\WIN7ZIP", "value_name": null}, {"hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5", "0f9b382f50574eb1da03ab59cc0138d0cdddbcccdbf4fb04377235377e2bce60", "19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55", "228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc", "23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49", "48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1", "5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "c1a5a44d0a9e5217bd0e321b3f23efa089fc969ee9a1f6a1292c40e7b896a62a", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084", "dacca7e30bb1f19c0c1d468a62ee77ed94eeea7a80b743597bfbdd60548361aa", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4", "fd1711659a756fe5e112e5218cca00d2e56e049794268d929725754b4270c5e1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.101", "value_name": "CheckSetting"}, {"hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5", "0f9b382f50574eb1da03ab59cc0138d0cdddbcccdbf4fb04377235377e2bce60", "19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55", "228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc", "23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49", "48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1", "5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "c1a5a44d0a9e5217bd0e321b3f23efa089fc969ee9a1f6a1292c40e7b896a62a", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084", "dacca7e30bb1f19c0c1d468a62ee77ed94eeea7a80b743597bfbdd60548361aa", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4", "fd1711659a756fe5e112e5218cca00d2e56e049794268d929725754b4270c5e1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.103", "value_name": "CheckSetting"}, {"hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5", "0f9b382f50574eb1da03ab59cc0138d0cdddbcccdbf4fb04377235377e2bce60", "19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55", "228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc", "23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49", "48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1", "5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "c1a5a44d0a9e5217bd0e321b3f23efa089fc969ee9a1f6a1292c40e7b896a62a", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084", "dacca7e30bb1f19c0c1d468a62ee77ed94eeea7a80b743597bfbdd60548361aa", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4", "fd1711659a756fe5e112e5218cca00d2e56e049794268d929725754b4270c5e1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.100", "value_name": "CheckSetting"}, {"hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5", "0f9b382f50574eb1da03ab59cc0138d0cdddbcccdbf4fb04377235377e2bce60", "19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55", "228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc", "23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49", "48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1", "5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "c1a5a44d0a9e5217bd0e321b3f23efa089fc969ee9a1f6a1292c40e7b896a62a", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084", "dacca7e30bb1f19c0c1d468a62ee77ed94eeea7a80b743597bfbdd60548361aa", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4", "fd1711659a756fe5e112e5218cca00d2e56e049794268d929725754b4270c5e1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.102", "value_name": "CheckSetting"}, {"hashes": ["00922eea9dc5d3b1d91cf0e5b244d86957e0a5dab9f22b37db91983d154849f5", "0f9b382f50574eb1da03ab59cc0138d0cdddbcccdbf4fb04377235377e2bce60", "19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "1d5a814d7034b2ffc16acb036e10021410d1592b491fd4e3c6737ffa48c19f55", "228cdf170c3b7f8c4b08f89def8b979c147aada601d7e1d0708916a3101732fc", "23b79c36c6c5b9b35e11159486bf8f1e0a2366af780c9508bfee93de63fdeb86", "2d6b0b02396b515544d508ace60ef5de186961843c6fda12c311716c63b631b4", "47fce8ed6989d5946ef8b4a10898d103ded7ffe6d5046d1583aefa21218cbe49", "48b4df7d8192fb653ca5d4ef80903794b6cf7baa25bca70624acbcafd1c5f4e1", "5822b7304c297b694c9826e07c653d1a5071af711f24abf374213dbf73df99d8", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "714042e00adf37f5772ade261d283e66bfd787ba4622ff188ec9befc05817bcb", "82fd5b23902d7114095c356c9820e65b89d7c4dd5da1312e262373608e536e4e", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "97f3a82738d8dc6703828c406ecafd16acbc019bf8c810516912302ec1d2b553", "a925cb47ff812a85faee0d1a39c2f16ac6b99dff405d01741fc253ec76cf29aa", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "c1a5a44d0a9e5217bd0e321b3f23efa089fc969ee9a1f6a1292c40e7b896a62a", "d243e98761d23d3be54b8212a497d2f79626315621dd04e0a7606d6ea378b084", "dacca7e30bb1f19c0c1d468a62ee77ed94eeea7a80b743597bfbdd60548361aa", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4", "fd1711659a756fe5e112e5218cca00d2e56e049794268d929725754b4270c5e1"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\ACTION CENTER\\CHECKS\\{E8433B72-5842-4D43-8645-BC2C35960837}.CHECK.104", "value_name": "CheckSetting"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\PUBLICPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SSDPSRV", "value_name": "Start"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\RSTRUI.EXE", "value_name": null}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5", "69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3", "699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5", "8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc", "ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34", "aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51", "e34b5fba5acb04abc12e392a6a202a593117458abbea90a3ca94217de21114d4"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\RSTRUI.EXE", "value_name": "Debugger"}, {"hashes": ["8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35", "b3248bd97a52f067965a4da0e470928461460c3f8d0c06396c17504da1739a51"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "random"}, {"hashes": ["ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\10DF0332\\CG1", "value_name": "GLA"}, {"hashes": ["ac2c823fe5be07bc030e77510922ec076642c5ef5966b0ec56b6dfefcba06e34"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\OMYLCQKSW.EXE", "value_name": "Debugger"}, {"hashes": ["699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\6EDA084A\\CS1", "value_name": null}, {"hashes": ["699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\6EDA084A\\CW1", "value_name": null}, {"hashes": ["699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\6EDA084A\\CW1", "value_name": "1916"}, {"hashes": ["699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Javaupdate"}, {"hashes": ["699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\6EDA084A\\CG1", "value_name": "GLA"}, {"hashes": ["699b83596749933b26e4a8cd79df7e961859dce598a28b0a09a7d1a6ef051ba5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\BZSBKOTIU.EXE", "value_name": "Debugger"}, {"hashes": ["69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\5BDD0726", "value_name": null}, {"hashes": ["69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\5BDD0726\\CS1", "value_name": null}, {"hashes": ["69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\5BDD0726\\CW1", "value_name": null}, {"hashes": ["69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\5BDD0726\\CG1", "value_name": null}, {"hashes": ["69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\5BDD0726\\CW1", "value_name": "1936"}, {"hashes": ["8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\6E3308B1\\CS1", "value_name": null}, {"hashes": ["69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "svchost"}, {"hashes": ["69808dfac8e39bb71644ca5b9a354c8407d713e723c49a2bb54ba6a6f54e52d3"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\5BDD0726\\CG1", "value_name": "GLA"}, {"hashes": ["8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\6E3308B1\\CW1", "value_name": null}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\5FF907D6\\CS1", "value_name": null}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\5FF907D6\\CW1", "value_name": null}, {"hashes": ["8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\6E3308B1\\CW1", "value_name": "1832"}, {"hashes": ["8f0ab0d5a8d06ffb54e69dec00c3d2e920794be65cb3b9f316a04af9c3d3ed35"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\6E3308B1\\CG1", "value_name": "GLA"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\5FF907D6\\CW1", "value_name": "820"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Winrar_Update"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\5FF907D6\\CG1", "value_name": "GLA"}, {"hashes": ["19a17d03eaa9d66aee48704b368513cb4ce2ea571004561046897e5fe194fcb5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\QPQPDNDNN.EXE", "value_name": "Debugger"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\19CF045A\\CS1", "value_name": null}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\19CF045A\\CW1", "value_name": null}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\19CF045A\\CW1", "value_name": "1384"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "qw7v4x1c4fxsq"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\19CF045A\\CG1", "value_name": "GLA"}, {"hashes": ["aee901442f82ad32986e1c36969d48d76d4cc88bb8b084d0a2749220a86a26b5"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\SAFPDNDNN.EXE", "value_name": "Debugger"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\0E7302EC\\CS1", "value_name": null}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\0E7302EC\\CW1", "value_name": null}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\0E7302EC\\CW1", "value_name": "1916"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "CreativeAudio"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "key": "<HKCR>\\CLSID\\{7C59DF73-6FE7-724E-963F-58E2D8DE89F2}\\0E7302EC\\CG1", "value_name": "GLA"}, {"hashes": ["96e0342a3295906bf604f8fcffb8845e3d4a72ceb8ca34443f54216616467ddc"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\IMAGE FILE EXECUTION OPTIONS\\XSLJQLOTP.EXE", "value_name": "Debugger"}]}}, "Win.Malware.Osiris-7191711-1": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Osiris is a banking trojan derived from the Kronos banking trojan and is known to include features such as the ability to communicate with its command and control (C2) servers via Tor and the ability to intercept credentials typed into web forms.", "hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "iocs": {"domain": [{"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "host": "updateserver4[.]top"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "host": "updateserver7[.]top"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "host": "updateserver5[.]top"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "host": "updateserver9[.]top"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "host": "updateserver2[.]top"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "host": "updateserver8[.]top"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "host": "updateserver10[.]top"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "host": "updateserver6[.]top"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "host": "updateserver3[.]top"}], "file": [{"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "path": "%APPDATA%\\Mozilla\\Firefox\\Profiles\\<profile ID>.default\\user.js"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498"], "path": "%System32%\\CatRoot2\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\catdb"}, {"hashes": ["4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "path": "%APPDATA%\\Microsoft\\{56984C2C-8905-4BFA-8553-0BE17726FCD5}"}, {"hashes": ["4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "path": "%APPDATA%\\Microsoft\\{56984C2C-8905-4BFA-8553-0BE17726FCD5}\\d41d8cd9.exe"}, {"hashes": ["0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318"], "path": "%APPDATA%\\Microsoft\\{56984C2C-8905-4BE2-8553-13E17726E4D5}"}, {"hashes": ["0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318"], "path": "%APPDATA%\\Microsoft\\{56984C2C-8905-4BE2-8553-13E17726E4D5}\\d41d8cd9.exe"}, {"hashes": ["919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498"], "path": "%APPDATA%\\Microsoft\\{9A96A2D0-FE36-485E-B81C-0132628C474C}\\dd4b21e9.exe"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d"], "path": "%APPDATA%\\Microsoft\\{03FFB58D-7238-49DA-9378-5224CBD1F546}\\dd4b21e9.exe"}, {"hashes": ["4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841"], "path": "%APPDATA%\\Microsoft\\{575A5E0A-FD63-4DF1-BF50-033349A4ADA1}\\dd4b21e9.exe"}, {"hashes": ["6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8"], "path": "%APPDATA%\\Microsoft\\{33C67668-6248-47D0-8FDF-197713CA89A1}\\dd4b21e9.exe"}, {"hashes": ["6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377"], "path": "%APPDATA%\\Microsoft\\{FA144B4E-77DF-4C1F-A472-60E20FF489C2}\\dd4b21e9.exe"}, {"hashes": ["2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5"], "path": "%APPDATA%\\Microsoft\\{507C47B0-1E13-4926-92BC-C40E8A4CB040}\\dd4b21e9.exe"}, {"hashes": ["5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318"], "path": "%APPDATA%\\Microsoft\\{F807BD90-CAC5-40B0-828A-CA06ED52C5F4}\\dd4b21e9.exe"}, {"hashes": ["6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b"], "path": "%APPDATA%\\Microsoft\\{780EBCFD-EADA-4438-9DC3-324538311844}\\dd4b21e9.exe"}], "ip": [], "mutex": [{"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "name": "Global\\d41d8cd98f00b204e9800998ecf8427e"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "name": "Global\\{B1F6EFF9-6297-200E-B1F6-F9EF29AA7A00}"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498"], "name": "Global\\{BF6093C4-5FBA-D878-BF60-C4933C20A000}"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498"], "name": "Global\\dd4b21e9ef71e1291183a46b913ae6f2"}], "registry": [{"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "Hidden"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER\\ADVANCED", "value_name": "HideFileExt"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION", "value_name": "d41d8cd9"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION", "value_name": "d41d8cd9"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "d41d8cd9"}, {"hashes": ["05ba5705db7ff502d4422ea7d4ef32422d9b2c0966a42b6b3d76c126d51e846d", "0aae22c6557c43cf199421eb6b367d23469909b5f860468c1e42b0e5730808d5", "2c5fdc198324cc33dc93d20dc58195608661ed5c83cf10619efdbc1fddeb51e5", "4c6f284b0be38d51af26ee87e687cbba32184e0b21203758419953e1f476e841", "4f645f4ae3dcf8bfebf4dde1b6d20497ce25fbbc1f6f691d40a95d7bff7a2d6c", "5ba866dbb2ace005cfa32382404ac0927695f52bedce0804564549e633be8318", "6478b2ce18a6a7671a39aa254ba0c4aaf123a0f5b27e9c86e323b663332f18f8", "6f2add6401f59d813de66bc1152240f2e7622e293a0b10c5a804790b7068195b", "6f9d45cf7571949de6db54d2e4c642ae63e30ba0eaf4f3075b8cd36749171377", "919d3b68ee264053ae4f0f3d9caf93c055c421dabdc419d5d52d09d089142498", "f7ce779ae0308c0c0da8280d3182506eda97778e91969eb4ea86dc3bfddb12df"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "d41d8cd9"}]}}, "Win.Malware.Zusy-7191579-1": {"category": "Malware", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": false, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Zusy, also known as TinyBanker or Tinba, is a trojan that uses man-in-the-middle attacks to steal banking information. When executed, it injects itself into legitimate Windows processes such as \"explorer.exe\" and \"winver.exe.\" When the user accesses a banking website, it displays a form to trick the user into submitting personal information.", "hashes": ["027ecc7f1e2d38d420486e9e0fe9d50bdceb8b50512258a922e69f55e0c18ec7", "0a72c56814a288218c9346115935828be03e870fa858a721f738af4dab311205", "0a9fd449b13193c771c2d401dd6538cab6dbb2c37e0573b05cc72802b90687cf", "0b1fa36c3ae5bdb7c52c40e08566cceac37965265e5b2552fdf121add431ce45", "0ce401aa748f86238016408aa5c7b082a83499a2cbf2d5a1370b3bef8b983be1", "1266c2bccc5fa61af8b611d3c7f210b11fed7d22dbb24305bf6003b1891399fe", "12ef657ff31b48b90fbb20b212643f7aa62b66dae80cd19feed7356089f18451", "149e17e85475bf4f6b4be6c0f1924e8554ec982f949fcb833c8c6bc3a7673669", "1a0d6dda8e405f9342fadc87a1a6b395250bfcf910f5e2e4cfba806de2b58eee", "1b3ddf7b2a71290a0a86e974a323dde16999e7eaa2be2b8cd63c066a7ba6a052", "1fa747673986b53ed65fa0a6b39a024ef02191966184a6fd8844e742fdbc3d58", "22b172ead1618e0c49a6d94c4da6c7ba1d401549276bc3a7f3d78c18909e6793", "2b9b82e7ee0d8661b2268f83a010e8379e28930cc7f9f224d06fcd37b48f566d", "2ba984bf6a2e039225b78faf309d087db56a6a2eac5efc73f5f20ff941c58442", "2c33aa852da4527f49dae1e6bb1940b4c7cd2c814da0a90ab8a2a5de5fee6726", "2c594bcf891b90e24c8bd445d5ddbe9cb50f5d101d559d564ab8246535d2af53", "306774877254b8ca51a2bf446834cc34126ac56ebaf9d935442c25e533485fc1", "38efe6d2c2e264e83d54cebc4bb14766c344741e39b510b027882d1ef2bbb798", "43aee0e0761a3e90aa35d3401634397be8d1691d88ed2bdaaf2f60c915de53e2", "467e66e8fc95c740cc3beee432d6a5e85bc533aa6dd609865376dacf0a0ef6e7", "47bc6db08ad7826b5a68644d6f013405e4e6842525b8a4d05a2abdabfd735fc4", "484f52c4598eddc67147f8558c9bf9701d1c4d2f5bcc1b619a43422863d1e8ce", "48624a37bd7f3faacc3d56c106a40189c413dc4ec4407c00a1034578cfb6a9b3", "4a3a67a893cf7e49a5aef587d840867589841e93ae7f418019d6f94daba58c47", "4bd1deaa13a4a9cef75f84dba895645a24ac7f4b4bd69d22ea5800a3c682cc54", "4be937805ca42ff4d83082b3fed3cd5d161560cb46ce4a34f95f2d22ac2d64ad", "4c87ea3b6a073736377336c8956f6a835195ba5238141c9569ff479994893d57", "502e49c81ff5632f246e94996d697b21b220bb378830484ce89c841fbf324352", "5224b2df070394d3d269577a8f54e3704c1ccd6ce9a313a795bab3b01855e695", "549c94c8af011fd6ac9bf97e11126a4cd4aab92bbdea88c9f1bf115d61f43163", "55649f4cca69eae74bcbe146d1d38dbeafc76c7b3df1b524bdcf167fe695c8cc", "556a1b44f001eacf5bc57fe93406b716c69ea88e93cc95ef0720b84ea31a309f", "55e9c0d543e89f7307bb5b1f4cb7bfb451ea4834b2f6a0d23589f17d19ced858", "59d6c8f9f7f7bc2f7fc6fc976d9655cbdb914f8e88d19d8a5bbbe60570825a84", "5f371fee49e62fdd78623977e683acddacd1f03310786026f33b239582e665f9", "65f601b9a313d9a2c7f4739fe0e34819c3a86e6cc69e957e334b31bb8b234879", "69cf710e7adce7031168d0fe8c946d7fd790b6e005de3e44b2a7d027e069dc4b", "69f942844a36a4b993fc919237a6aacc780ea95ff3ad1458e9a32f6fdd2186c7", "6cda3c4af4b4fe807ea22369a85ef51c136f63941224380176096bbbcf8b75d9", "6e9350ed765b9eaff1f0088f31bc523b9dd15456e2870601865efa91ea11201e", "715cfcab33c638dee5e7ca7e07739f202716a25ae4d9801250b12611e0b0210c", "72815aae48b75e746842530ba3ad236e5e31d2b2fbc5b4c6939562307e68a995", "74e955ce1d18be739ac0292e506146820140ba5e40cc15cfc142fdb40553174b", "7afa60ef491139ab5ed96a453c4773246d22c200db9801999b6bbe36eaaa967f", "7b02cc21708f7c86efac90b8c01ea6d81d3acf49c585716e9fee874ce5c3dfbc", "7c86757a39a266c2929fc8b9d484a6de93fe15709bb7bf9733f35bb4a559bedd", "7d7b9b1374e73b3248163f41c327771438dca2c3cc919f698c3ec5ffa979d6b9", "80ff2368eb810e159d4195e191d6ce6fa909c9b1a3b37eb1d1a07eecdbbcf544", "8ad451f153b2b416f520efd59e2c8ed03be78ac38a8803f9ee6c1eb3d1d937ef", "8d04ab827e046e180b45d5303b11e5068ba8d84f848dda59c544026864a73d13", "8edfe31a807fd8ec2c726dd17857d8ce43cb7dff879cd5fa7b0b50d64e3aac59", "901ba59f7d03ae7c50939ddfcecb9a3d4d729222399dfa7bb67629846ba3ae9e", "982d5666dc937abeb1dd8151053a3455396211ae3917d5b613fdbf03866792e9", "9882f520512868fa1990d6230b8af3fad3bbd484ae2c174fd9f7d4ee0f5e512f", "9912a80bedd75de63fefe6b05ebccd885314c125701cc65e640a788b50f47b15", "9e8d4e427567c06c20b5f7385d5becfe562ae251a8b00d92fc2a7189bc27070e", "9f3473b4da8246167e18241514b65233b4f9d2c11954c705437f1b2889a93ccc", "9fe7d5534586ea0e30e8696691b21135ba91d754940de142c33f88f32070056c", "a02fad00eff022bab1605e9439d9a9184d189718bb3d069ef4663cea98cdaf21", "a083b45ed00f608d692f549407783675ca0b3b2abd862dc03f6d42a9fcdf60e0", "a6ec7d5e814683f8a76a5b0923fbc8c08fdaea50eb103d868c54425a371290fc", "a72ee33b902f2b4580b2d90d75a84af1ff702b692942a757b5ed7832a5bf9f1c", "aa3bc0f99a1afe27cb7185ca56c882c9eddf1ea74e41424e6639114b54e94eb9", "ac89f800560b9804feba34ee39a9448c5cf4be46c79477ca483bac32c2d42b90", "b4e1dd1006a42f554177454cdb1b877223e74680870dab436581772d38f063b8", "baa74f16c763682523cab7565d3ca042df6121083c7610031a01e2a2a14ca68a", "bbef36b67a454c64ede45dbec7f3608e6bbdffb08ccd567d72ee900e827d698e", "bf2b21a2a2c5608c17aa673a34aec5d6e69058912cc9f7c4a1b12bea7a2cdc11", "c2ab8d3553aef6ee31ad31250e7ec40d2abaa882fc61f3f4a7038da754695ed1", "c479a883c21a9ebba855a6d105c4cf76a105a45b41e140226fe262c3383ba0a9", "c4d4afe8c88a474e5dd0145ea225f07d5030f350a3bbb783b93e10d14690fb1b", "c4e2a763bbfbffcc610c13c76d84b2e7df9ebdf34f482b834ef53d368dc39c17", "c8d47b0400bed03fca564f6645e47f7868ccf8a9eb6b621b04eabad144c37af7", "cbea086dcd1d02579abf7b3b1aadce0bb3814cee00ecdcea5d1bea7dbf283011", "cc764206d5776c1f5c09fb2d0e78939f40fabbdbf64ab03cf13d82d791e490ee", "ce5d8279ed289bdb7b7e731be2b448dcff8b84b1318a92cae307f75ae2ff7d0f", "cef5b3dea88083d7f9b2bdb5f5a032acfaafd29bdaf165b28aab6720870e6c72", "dc7c72e0db964bb4ecc0d142457872b1ff05bad8db75e9c7bdc198d12b25f95b", "e18e80a86fe565376d2647755e492a6561479e80ad40711f19eb2a3106f7e295", "e99065b3ea86facbf111a031595177c4eb642b7eef615c4055bfe8736b0876b3", "ef02709dba375d57de973072a8a49bcd3bab4e8fa17c668f5072cf72c88aecae", "f29e7b837000bd7217d662ef9fcafa1696140aa063aecf01856d571f1b3371a1", "f813e73d71f8ce6db8eedb2778faa1b49d277853e54f84af1c55242e3c1f98ba", "f8381bfcd3c78823c1687918ed42356c48cf9f649059c2e057c2ceedd9e93f78", "f8cd859d21721ba6da7309479f0678140f6d61ee7b64fca71f877c4218e2a92e", "fbba35a28f3f9ae16a41a4b42af2a0b86db73e165ae40a138ffaaf4432cabd3e", "fc533bea83a28e1448e3be8a441ff96cd1652f7e036b274b88eb4aef533d956a", "fe39bd205931a5058995598d08e6157d09b101326ac222ed570f926c51268ca5"], "iocs": {"domain": [{"hashes": ["0a72c56814a288218c9346115935828be03e870fa858a721f738af4dab311205", "0ce401aa748f86238016408aa5c7b082a83499a2cbf2d5a1370b3bef8b983be1", "1266c2bccc5fa61af8b611d3c7f210b11fed7d22dbb24305bf6003b1891399fe", "12ef657ff31b48b90fbb20b212643f7aa62b66dae80cd19feed7356089f18451", "1a0d6dda8e405f9342fadc87a1a6b395250bfcf910f5e2e4cfba806de2b58eee", "1b3ddf7b2a71290a0a86e974a323dde16999e7eaa2be2b8cd63c066a7ba6a052", "1fa747673986b53ed65fa0a6b39a024ef02191966184a6fd8844e742fdbc3d58", "22b172ead1618e0c49a6d94c4da6c7ba1d401549276bc3a7f3d78c18909e6793", "43aee0e0761a3e90aa35d3401634397be8d1691d88ed2bdaaf2f60c915de53e2", "467e66e8fc95c740cc3beee432d6a5e85bc533aa6dd609865376dacf0a0ef6e7", "484f52c4598eddc67147f8558c9bf9701d1c4d2f5bcc1b619a43422863d1e8ce", "48624a37bd7f3faacc3d56c106a40189c413dc4ec4407c00a1034578cfb6a9b3", "4a3a67a893cf7e49a5aef587d840867589841e93ae7f418019d6f94daba58c47", "4be937805ca42ff4d83082b3fed3cd5d161560cb46ce4a34f95f2d22ac2d64ad", "502e49c81ff5632f246e94996d697b21b220bb378830484ce89c841fbf324352", "5224b2df070394d3d269577a8f54e3704c1ccd6ce9a313a795bab3b01855e695", "549c94c8af011fd6ac9bf97e11126a4cd4aab92bbdea88c9f1bf115d61f43163", "55649f4cca69eae74bcbe146d1d38dbeafc76c7b3df1b524bdcf167fe695c8cc", "55e9c0d543e89f7307bb5b1f4cb7bfb451ea4834b2f6a0d23589f17d19ced858", "59d6c8f9f7f7bc2f7fc6fc976d9655cbdb914f8e88d19d8a5bbbe60570825a84", "5f371fee49e62fdd78623977e683acddacd1f03310786026f33b239582e665f9", "69cf710e7adce7031168d0fe8c946d7fd790b6e005de3e44b2a7d027e069dc4b", "69f942844a36a4b993fc919237a6aacc780ea95ff3ad1458e9a32f6fdd2186c7", "715cfcab33c638dee5e7ca7e07739f202716a25ae4d9801250b12611e0b0210c", "72815aae48b75e746842530ba3ad236e5e31d2b2fbc5b4c6939562307e68a995", "74e955ce1d18be739ac0292e506146820140ba5e40cc15cfc142fdb40553174b", "7afa60ef491139ab5ed96a453c4773246d22c200db9801999b6bbe36eaaa967f", "7c86757a39a266c2929fc8b9d484a6de93fe15709bb7bf9733f35bb4a559bedd", "7d7b9b1374e73b3248163f41c327771438dca2c3cc919f698c3ec5ffa979d6b9", "80ff2368eb810e159d4195e191d6ce6fa909c9b1a3b37eb1d1a07eecdbbcf544", "8d04ab827e046e180b45d5303b11e5068ba8d84f848dda59c544026864a73d13", "8edfe31a807fd8ec2c726dd17857d8ce43cb7dff879cd5fa7b0b50d64e3aac59", "982d5666dc937abeb1dd8151053a3455396211ae3917d5b613fdbf03866792e9", "9882f520512868fa1990d6230b8af3fad3bbd484ae2c174fd9f7d4ee0f5e512f", "9912a80bedd75de63fefe6b05ebccd885314c125701cc65e640a788b50f47b15", "9e8d4e427567c06c20b5f7385d5becfe562ae251a8b00d92fc2a7189bc27070e", "9fe7d5534586ea0e30e8696691b21135ba91d754940de142c33f88f32070056c", "a02fad00eff022bab1605e9439d9a9184d189718bb3d069ef4663cea98cdaf21", "a083b45ed00f608d692f549407783675ca0b3b2abd862dc03f6d42a9fcdf60e0", "a6ec7d5e814683f8a76a5b0923fbc8c08fdaea50eb103d868c54425a371290fc", "a72ee33b902f2b4580b2d90d75a84af1ff702b692942a757b5ed7832a5bf9f1c", "ac89f800560b9804feba34ee39a9448c5cf4be46c79477ca483bac32c2d42b90", "b4e1dd1006a42f554177454cdb1b877223e74680870dab436581772d38f063b8", "bbef36b67a454c64ede45dbec7f3608e6bbdffb08ccd567d72ee900e827d698e", "c2ab8d3553aef6ee31ad31250e7ec40d2abaa882fc61f3f4a7038da754695ed1", "c479a883c21a9ebba855a6d105c4cf76a105a45b41e140226fe262c3383ba0a9", "c4e2a763bbfbffcc610c13c76d84b2e7df9ebdf34f482b834ef53d368dc39c17", "cc764206d5776c1f5c09fb2d0e78939f40fabbdbf64ab03cf13d82d791e490ee", "ce5d8279ed289bdb7b7e731be2b448dcff8b84b1318a92cae307f75ae2ff7d0f", "cef5b3dea88083d7f9b2bdb5f5a032acfaafd29bdaf165b28aab6720870e6c72", "dc7c72e0db964bb4ecc0d142457872b1ff05bad8db75e9c7bdc198d12b25f95b", "f29e7b837000bd7217d662ef9fcafa1696140aa063aecf01856d571f1b3371a1", "f813e73d71f8ce6db8eedb2778faa1b49d277853e54f84af1c55242e3c1f98ba", "f8381bfcd3c78823c1687918ed42356c48cf9f649059c2e057c2ceedd9e93f78", "f8cd859d21721ba6da7309479f0678140f6d61ee7b64fca71f877c4218e2a92e", "fbba35a28f3f9ae16a41a4b42af2a0b86db73e165ae40a138ffaaf4432cabd3e", "fe39bd205931a5058995598d08e6157d09b101326ac222ed570f926c51268ca5"], "host": "brureservtestot[.]cc"}], "file": [{"hashes": ["027ecc7f1e2d38d420486e9e0fe9d50bdceb8b50512258a922e69f55e0c18ec7", "0a72c56814a288218c9346115935828be03e870fa858a721f738af4dab311205", "0a9fd449b13193c771c2d401dd6538cab6dbb2c37e0573b05cc72802b90687cf", "0b1fa36c3ae5bdb7c52c40e08566cceac37965265e5b2552fdf121add431ce45", "0ce401aa748f86238016408aa5c7b082a83499a2cbf2d5a1370b3bef8b983be1", "1266c2bccc5fa61af8b611d3c7f210b11fed7d22dbb24305bf6003b1891399fe", "12ef657ff31b48b90fbb20b212643f7aa62b66dae80cd19feed7356089f18451", "149e17e85475bf4f6b4be6c0f1924e8554ec982f949fcb833c8c6bc3a7673669", "1a0d6dda8e405f9342fadc87a1a6b395250bfcf910f5e2e4cfba806de2b58eee", "1b3ddf7b2a71290a0a86e974a323dde16999e7eaa2be2b8cd63c066a7ba6a052", "1fa747673986b53ed65fa0a6b39a024ef02191966184a6fd8844e742fdbc3d58", "22b172ead1618e0c49a6d94c4da6c7ba1d401549276bc3a7f3d78c18909e6793", "2b9b82e7ee0d8661b2268f83a010e8379e28930cc7f9f224d06fcd37b48f566d", "2ba984bf6a2e039225b78faf309d087db56a6a2eac5efc73f5f20ff941c58442", "2c33aa852da4527f49dae1e6bb1940b4c7cd2c814da0a90ab8a2a5de5fee6726", "2c594bcf891b90e24c8bd445d5ddbe9cb50f5d101d559d564ab8246535d2af53", "306774877254b8ca51a2bf446834cc34126ac56ebaf9d935442c25e533485fc1", "38efe6d2c2e264e83d54cebc4bb14766c344741e39b510b027882d1ef2bbb798", "43aee0e0761a3e90aa35d3401634397be8d1691d88ed2bdaaf2f60c915de53e2", "47bc6db08ad7826b5a68644d6f013405e4e6842525b8a4d05a2abdabfd735fc4", "484f52c4598eddc67147f8558c9bf9701d1c4d2f5bcc1b619a43422863d1e8ce", "48624a37bd7f3faacc3d56c106a40189c413dc4ec4407c00a1034578cfb6a9b3", "4a3a67a893cf7e49a5aef587d840867589841e93ae7f418019d6f94daba58c47", "4bd1deaa13a4a9cef75f84dba895645a24ac7f4b4bd69d22ea5800a3c682cc54", "4be937805ca42ff4d83082b3fed3cd5d161560cb46ce4a34f95f2d22ac2d64ad", "502e49c81ff5632f246e94996d697b21b220bb378830484ce89c841fbf324352", "5224b2df070394d3d269577a8f54e3704c1ccd6ce9a313a795bab3b01855e695", "549c94c8af011fd6ac9bf97e11126a4cd4aab92bbdea88c9f1bf115d61f43163", "55649f4cca69eae74bcbe146d1d38dbeafc76c7b3df1b524bdcf167fe695c8cc", "556a1b44f001eacf5bc57fe93406b716c69ea88e93cc95ef0720b84ea31a309f", "55e9c0d543e89f7307bb5b1f4cb7bfb451ea4834b2f6a0d23589f17d19ced858", "59d6c8f9f7f7bc2f7fc6fc976d9655cbdb914f8e88d19d8a5bbbe60570825a84", "5f371fee49e62fdd78623977e683acddacd1f03310786026f33b239582e665f9", "65f601b9a313d9a2c7f4739fe0e34819c3a86e6cc69e957e334b31bb8b234879", "69cf710e7adce7031168d0fe8c946d7fd790b6e005de3e44b2a7d027e069dc4b", "69f942844a36a4b993fc919237a6aacc780ea95ff3ad1458e9a32f6fdd2186c7", "6cda3c4af4b4fe807ea22369a85ef51c136f63941224380176096bbbcf8b75d9", "6e9350ed765b9eaff1f0088f31bc523b9dd15456e2870601865efa91ea11201e", "715cfcab33c638dee5e7ca7e07739f202716a25ae4d9801250b12611e0b0210c", "72815aae48b75e746842530ba3ad236e5e31d2b2fbc5b4c6939562307e68a995", "74e955ce1d18be739ac0292e506146820140ba5e40cc15cfc142fdb40553174b", "7afa60ef491139ab5ed96a453c4773246d22c200db9801999b6bbe36eaaa967f", "7b02cc21708f7c86efac90b8c01ea6d81d3acf49c585716e9fee874ce5c3dfbc", "7c86757a39a266c2929fc8b9d484a6de93fe15709bb7bf9733f35bb4a559bedd", "7d7b9b1374e73b3248163f41c327771438dca2c3cc919f698c3ec5ffa979d6b9", "80ff2368eb810e159d4195e191d6ce6fa909c9b1a3b37eb1d1a07eecdbbcf544", "8ad451f153b2b416f520efd59e2c8ed03be78ac38a8803f9ee6c1eb3d1d937ef", "8d04ab827e046e180b45d5303b11e5068ba8d84f848dda59c544026864a73d13", "8edfe31a807fd8ec2c726dd17857d8ce43cb7dff879cd5fa7b0b50d64e3aac59", "901ba59f7d03ae7c50939ddfcecb9a3d4d729222399dfa7bb67629846ba3ae9e", "9882f520512868fa1990d6230b8af3fad3bbd484ae2c174fd9f7d4ee0f5e512f", "9912a80bedd75de63fefe6b05ebccd885314c125701cc65e640a788b50f47b15", "9e8d4e427567c06c20b5f7385d5becfe562ae251a8b00d92fc2a7189bc27070e", "9f3473b4da8246167e18241514b65233b4f9d2c11954c705437f1b2889a93ccc", "9fe7d5534586ea0e30e8696691b21135ba91d754940de142c33f88f32070056c", "a02fad00eff022bab1605e9439d9a9184d189718bb3d069ef4663cea98cdaf21", "a083b45ed00f608d692f549407783675ca0b3b2abd862dc03f6d42a9fcdf60e0", "a6ec7d5e814683f8a76a5b0923fbc8c08fdaea50eb103d868c54425a371290fc", "a72ee33b902f2b4580b2d90d75a84af1ff702b692942a757b5ed7832a5bf9f1c", "aa3bc0f99a1afe27cb7185ca56c882c9eddf1ea74e41424e6639114b54e94eb9", "ac89f800560b9804feba34ee39a9448c5cf4be46c79477ca483bac32c2d42b90", "b4e1dd1006a42f554177454cdb1b877223e74680870dab436581772d38f063b8", "baa74f16c763682523cab7565d3ca042df6121083c7610031a01e2a2a14ca68a", "bbef36b67a454c64ede45dbec7f3608e6bbdffb08ccd567d72ee900e827d698e", "bf2b21a2a2c5608c17aa673a34aec5d6e69058912cc9f7c4a1b12bea7a2cdc11", "c2ab8d3553aef6ee31ad31250e7ec40d2abaa882fc61f3f4a7038da754695ed1", "c479a883c21a9ebba855a6d105c4cf76a105a45b41e140226fe262c3383ba0a9", "c4d4afe8c88a474e5dd0145ea225f07d5030f350a3bbb783b93e10d14690fb1b", "c4e2a763bbfbffcc610c13c76d84b2e7df9ebdf34f482b834ef53d368dc39c17", "c8d47b0400bed03fca564f6645e47f7868ccf8a9eb6b621b04eabad144c37af7", "cbea086dcd1d02579abf7b3b1aadce0bb3814cee00ecdcea5d1bea7dbf283011", "cc764206d5776c1f5c09fb2d0e78939f40fabbdbf64ab03cf13d82d791e490ee", "ce5d8279ed289bdb7b7e731be2b448dcff8b84b1318a92cae307f75ae2ff7d0f", "cef5b3dea88083d7f9b2bdb5f5a032acfaafd29bdaf165b28aab6720870e6c72", "dc7c72e0db964bb4ecc0d142457872b1ff05bad8db75e9c7bdc198d12b25f95b", "e18e80a86fe565376d2647755e492a6561479e80ad40711f19eb2a3106f7e295", "e99065b3ea86facbf111a031595177c4eb642b7eef615c4055bfe8736b0876b3", "ef02709dba375d57de973072a8a49bcd3bab4e8fa17c668f5072cf72c88aecae", "f29e7b837000bd7217d662ef9fcafa1696140aa063aecf01856d571f1b3371a1", "f813e73d71f8ce6db8eedb2778faa1b49d277853e54f84af1c55242e3c1f98ba", "f8cd859d21721ba6da7309479f0678140f6d61ee7b64fca71f877c4218e2a92e", "fbba35a28f3f9ae16a41a4b42af2a0b86db73e165ae40a138ffaaf4432cabd3e", "fc533bea83a28e1448e3be8a441ff96cd1652f7e036b274b88eb4aef533d956a", "fe39bd205931a5058995598d08e6157d09b101326ac222ed570f926c51268ca5"], "path": "%HOMEPATH%\\AppData\\LocalLow\\EEFEB657"}, {"hashes": ["027ecc7f1e2d38d420486e9e0fe9d50bdceb8b50512258a922e69f55e0c18ec7", "0a72c56814a288218c9346115935828be03e870fa858a721f738af4dab311205", "0a9fd449b13193c771c2d401dd6538cab6dbb2c37e0573b05cc72802b90687cf", "0b1fa36c3ae5bdb7c52c40e08566cceac37965265e5b2552fdf121add431ce45", "0ce401aa748f86238016408aa5c7b082a83499a2cbf2d5a1370b3bef8b983be1", "1266c2bccc5fa61af8b611d3c7f210b11fed7d22dbb24305bf6003b1891399fe", "12ef657ff31b48b90fbb20b212643f7aa62b66dae80cd19feed7356089f18451", "149e17e85475bf4f6b4be6c0f1924e8554ec982f949fcb833c8c6bc3a7673669", "1a0d6dda8e405f9342fadc87a1a6b395250bfcf910f5e2e4cfba806de2b58eee", "1b3ddf7b2a71290a0a86e974a323dde16999e7eaa2be2b8cd63c066a7ba6a052", "1fa747673986b53ed65fa0a6b39a024ef02191966184a6fd8844e742fdbc3d58", "22b172ead1618e0c49a6d94c4da6c7ba1d401549276bc3a7f3d78c18909e6793", "2b9b82e7ee0d8661b2268f83a010e8379e28930cc7f9f224d06fcd37b48f566d", "2ba984bf6a2e039225b78faf309d087db56a6a2eac5efc73f5f20ff941c58442", "2c33aa852da4527f49dae1e6bb1940b4c7cd2c814da0a90ab8a2a5de5fee6726", "2c594bcf891b90e24c8bd445d5ddbe9cb50f5d101d559d564ab8246535d2af53", "306774877254b8ca51a2bf446834cc34126ac56ebaf9d935442c25e533485fc1", "38efe6d2c2e264e83d54cebc4bb14766c344741e39b510b027882d1ef2bbb798", "43aee0e0761a3e90aa35d3401634397be8d1691d88ed2bdaaf2f60c915de53e2", "47bc6db08ad7826b5a68644d6f013405e4e6842525b8a4d05a2abdabfd735fc4", "484f52c4598eddc67147f8558c9bf9701d1c4d2f5bcc1b619a43422863d1e8ce", "48624a37bd7f3faacc3d56c106a40189c413dc4ec4407c00a1034578cfb6a9b3", "4a3a67a893cf7e49a5aef587d840867589841e93ae7f418019d6f94daba58c47", "4bd1deaa13a4a9cef75f84dba895645a24ac7f4b4bd69d22ea5800a3c682cc54", "4be937805ca42ff4d83082b3fed3cd5d161560cb46ce4a34f95f2d22ac2d64ad", "502e49c81ff5632f246e94996d697b21b220bb378830484ce89c841fbf324352", "5224b2df070394d3d269577a8f54e3704c1ccd6ce9a313a795bab3b01855e695", "549c94c8af011fd6ac9bf97e11126a4cd4aab92bbdea88c9f1bf115d61f43163", "55649f4cca69eae74bcbe146d1d38dbeafc76c7b3df1b524bdcf167fe695c8cc", "556a1b44f001eacf5bc57fe93406b716c69ea88e93cc95ef0720b84ea31a309f", "55e9c0d543e89f7307bb5b1f4cb7bfb451ea4834b2f6a0d23589f17d19ced858", "59d6c8f9f7f7bc2f7fc6fc976d9655cbdb914f8e88d19d8a5bbbe60570825a84", "5f371fee49e62fdd78623977e683acddacd1f03310786026f33b239582e665f9", "65f601b9a313d9a2c7f4739fe0e34819c3a86e6cc69e957e334b31bb8b234879", "69cf710e7adce7031168d0fe8c946d7fd790b6e005de3e44b2a7d027e069dc4b", "69f942844a36a4b993fc919237a6aacc780ea95ff3ad1458e9a32f6fdd2186c7", "6cda3c4af4b4fe807ea22369a85ef51c136f63941224380176096bbbcf8b75d9", "6e9350ed765b9eaff1f0088f31bc523b9dd15456e2870601865efa91ea11201e", "715cfcab33c638dee5e7ca7e07739f202716a25ae4d9801250b12611e0b0210c", "72815aae48b75e746842530ba3ad236e5e31d2b2fbc5b4c6939562307e68a995", "74e955ce1d18be739ac0292e506146820140ba5e40cc15cfc142fdb40553174b", "7afa60ef491139ab5ed96a453c4773246d22c200db9801999b6bbe36eaaa967f", "7b02cc21708f7c86efac90b8c01ea6d81d3acf49c585716e9fee874ce5c3dfbc", "7c86757a39a266c2929fc8b9d484a6de93fe15709bb7bf9733f35bb4a559bedd", "7d7b9b1374e73b3248163f41c327771438dca2c3cc919f698c3ec5ffa979d6b9", "80ff2368eb810e159d4195e191d6ce6fa909c9b1a3b37eb1d1a07eecdbbcf544", "8ad451f153b2b416f520efd59e2c8ed03be78ac38a8803f9ee6c1eb3d1d937ef", "8d04ab827e046e180b45d5303b11e5068ba8d84f848dda59c544026864a73d13", "8edfe31a807fd8ec2c726dd17857d8ce43cb7dff879cd5fa7b0b50d64e3aac59", "901ba59f7d03ae7c50939ddfcecb9a3d4d729222399dfa7bb67629846ba3ae9e", "9882f520512868fa1990d6230b8af3fad3bbd484ae2c174fd9f7d4ee0f5e512f", "9912a80bedd75de63fefe6b05ebccd885314c125701cc65e640a788b50f47b15", "9e8d4e427567c06c20b5f7385d5becfe562ae251a8b00d92fc2a7189bc27070e", "9f3473b4da8246167e18241514b65233b4f9d2c11954c705437f1b2889a93ccc", "9fe7d5534586ea0e30e8696691b21135ba91d754940de142c33f88f32070056c", "a02fad00eff022bab1605e9439d9a9184d189718bb3d069ef4663cea98cdaf21", "a083b45ed00f608d692f549407783675ca0b3b2abd862dc03f6d42a9fcdf60e0", "a6ec7d5e814683f8a76a5b0923fbc8c08fdaea50eb103d868c54425a371290fc", "a72ee33b902f2b4580b2d90d75a84af1ff702b692942a757b5ed7832a5bf9f1c", "aa3bc0f99a1afe27cb7185ca56c882c9eddf1ea74e41424e6639114b54e94eb9", "ac89f800560b9804feba34ee39a9448c5cf4be46c79477ca483bac32c2d42b90", "b4e1dd1006a42f554177454cdb1b877223e74680870dab436581772d38f063b8", "baa74f16c763682523cab7565d3ca042df6121083c7610031a01e2a2a14ca68a", "bbef36b67a454c64ede45dbec7f3608e6bbdffb08ccd567d72ee900e827d698e", "bf2b21a2a2c5608c17aa673a34aec5d6e69058912cc9f7c4a1b12bea7a2cdc11", "c2ab8d3553aef6ee31ad31250e7ec40d2abaa882fc61f3f4a7038da754695ed1", "c479a883c21a9ebba855a6d105c4cf76a105a45b41e140226fe262c3383ba0a9", "c4d4afe8c88a474e5dd0145ea225f07d5030f350a3bbb783b93e10d14690fb1b", "c4e2a763bbfbffcc610c13c76d84b2e7df9ebdf34f482b834ef53d368dc39c17", "c8d47b0400bed03fca564f6645e47f7868ccf8a9eb6b621b04eabad144c37af7", "cbea086dcd1d02579abf7b3b1aadce0bb3814cee00ecdcea5d1bea7dbf283011", "cc764206d5776c1f5c09fb2d0e78939f40fabbdbf64ab03cf13d82d791e490ee", "ce5d8279ed289bdb7b7e731be2b448dcff8b84b1318a92cae307f75ae2ff7d0f", "cef5b3dea88083d7f9b2bdb5f5a032acfaafd29bdaf165b28aab6720870e6c72", "e18e80a86fe565376d2647755e492a6561479e80ad40711f19eb2a3106f7e295", "e99065b3ea86facbf111a031595177c4eb642b7eef615c4055bfe8736b0876b3", "ef02709dba375d57de973072a8a49bcd3bab4e8fa17c668f5072cf72c88aecae", "f813e73d71f8ce6db8eedb2778faa1b49d277853e54f84af1c55242e3c1f98ba", "f8cd859d21721ba6da7309479f0678140f6d61ee7b64fca71f877c4218e2a92e", "fbba35a28f3f9ae16a41a4b42af2a0b86db73e165ae40a138ffaaf4432cabd3e", "fc533bea83a28e1448e3be8a441ff96cd1652f7e036b274b88eb4aef533d956a", "fe39bd205931a5058995598d08e6157d09b101326ac222ed570f926c51268ca5"], "path": "%APPDATA%\\EEFEB657"}, {"hashes": ["027ecc7f1e2d38d420486e9e0fe9d50bdceb8b50512258a922e69f55e0c18ec7", "0a72c56814a288218c9346115935828be03e870fa858a721f738af4dab311205", "0a9fd449b13193c771c2d401dd6538cab6dbb2c37e0573b05cc72802b90687cf", "0b1fa36c3ae5bdb7c52c40e08566cceac37965265e5b2552fdf121add431ce45", "0ce401aa748f86238016408aa5c7b082a83499a2cbf2d5a1370b3bef8b983be1", "1266c2bccc5fa61af8b611d3c7f210b11fed7d22dbb24305bf6003b1891399fe", "12ef657ff31b48b90fbb20b212643f7aa62b66dae80cd19feed7356089f18451", "149e17e85475bf4f6b4be6c0f1924e8554ec982f949fcb833c8c6bc3a7673669", "1a0d6dda8e405f9342fadc87a1a6b395250bfcf910f5e2e4cfba806de2b58eee", "1b3ddf7b2a71290a0a86e974a323dde16999e7eaa2be2b8cd63c066a7ba6a052", "1fa747673986b53ed65fa0a6b39a024ef02191966184a6fd8844e742fdbc3d58", "22b172ead1618e0c49a6d94c4da6c7ba1d401549276bc3a7f3d78c18909e6793", "2b9b82e7ee0d8661b2268f83a010e8379e28930cc7f9f224d06fcd37b48f566d", "2ba984bf6a2e039225b78faf309d087db56a6a2eac5efc73f5f20ff941c58442", "2c33aa852da4527f49dae1e6bb1940b4c7cd2c814da0a90ab8a2a5de5fee6726", "2c594bcf891b90e24c8bd445d5ddbe9cb50f5d101d559d564ab8246535d2af53", "306774877254b8ca51a2bf446834cc34126ac56ebaf9d935442c25e533485fc1", "38efe6d2c2e264e83d54cebc4bb14766c344741e39b510b027882d1ef2bbb798", "43aee0e0761a3e90aa35d3401634397be8d1691d88ed2bdaaf2f60c915de53e2", "47bc6db08ad7826b5a68644d6f013405e4e6842525b8a4d05a2abdabfd735fc4", "484f52c4598eddc67147f8558c9bf9701d1c4d2f5bcc1b619a43422863d1e8ce", "48624a37bd7f3faacc3d56c106a40189c413dc4ec4407c00a1034578cfb6a9b3", "4a3a67a893cf7e49a5aef587d840867589841e93ae7f418019d6f94daba58c47", "4bd1deaa13a4a9cef75f84dba895645a24ac7f4b4bd69d22ea5800a3c682cc54", "4be937805ca42ff4d83082b3fed3cd5d161560cb46ce4a34f95f2d22ac2d64ad", "502e49c81ff5632f246e94996d697b21b220bb378830484ce89c841fbf324352", "5224b2df070394d3d269577a8f54e3704c1ccd6ce9a313a795bab3b01855e695", "549c94c8af011fd6ac9bf97e11126a4cd4aab92bbdea88c9f1bf115d61f43163", "55649f4cca69eae74bcbe146d1d38dbeafc76c7b3df1b524bdcf167fe695c8cc", "556a1b44f001eacf5bc57fe93406b716c69ea88e93cc95ef0720b84ea31a309f", "55e9c0d543e89f7307bb5b1f4cb7bfb451ea4834b2f6a0d23589f17d19ced858", "59d6c8f9f7f7bc2f7fc6fc976d9655cbdb914f8e88d19d8a5bbbe60570825a84", "5f371fee49e62fdd78623977e683acddacd1f03310786026f33b239582e665f9", "65f601b9a313d9a2c7f4739fe0e34819c3a86e6cc69e957e334b31bb8b234879", "69cf710e7adce7031168d0fe8c946d7fd790b6e005de3e44b2a7d027e069dc4b", "69f942844a36a4b993fc919237a6aacc780ea95ff3ad1458e9a32f6fdd2186c7", "6cda3c4af4b4fe807ea22369a85ef51c136f63941224380176096bbbcf8b75d9", "6e9350ed765b9eaff1f0088f31bc523b9dd15456e2870601865efa91ea11201e", "715cfcab33c638dee5e7ca7e07739f202716a25ae4d9801250b12611e0b0210c", "72815aae48b75e746842530ba3ad236e5e31d2b2fbc5b4c6939562307e68a995", "74e955ce1d18be739ac0292e506146820140ba5e40cc15cfc142fdb40553174b", "7afa60ef491139ab5ed96a453c4773246d22c200db9801999b6bbe36eaaa967f", "7b02cc21708f7c86efac90b8c01ea6d81d3acf49c585716e9fee874ce5c3dfbc", "7c86757a39a266c2929fc8b9d484a6de93fe15709bb7bf9733f35bb4a559bedd", "7d7b9b1374e73b3248163f41c327771438dca2c3cc919f698c3ec5ffa979d6b9", "80ff2368eb810e159d4195e191d6ce6fa909c9b1a3b37eb1d1a07eecdbbcf544", "8ad451f153b2b416f520efd59e2c8ed03be78ac38a8803f9ee6c1eb3d1d937ef", "8d04ab827e046e180b45d5303b11e5068ba8d84f848dda59c544026864a73d13", "8edfe31a807fd8ec2c726dd17857d8ce43cb7dff879cd5fa7b0b50d64e3aac59", "901ba59f7d03ae7c50939ddfcecb9a3d4d729222399dfa7bb67629846ba3ae9e", "9882f520512868fa1990d6230b8af3fad3bbd484ae2c174fd9f7d4ee0f5e512f", "9912a80bedd75de63fefe6b05ebccd885314c125701cc65e640a788b50f47b15", "9e8d4e427567c06c20b5f7385d5becfe562ae251a8b00d92fc2a7189bc27070e", "9f3473b4da8246167e18241514b65233b4f9d2c11954c705437f1b2889a93ccc", "9fe7d5534586ea0e30e8696691b21135ba91d754940de142c33f88f32070056c", "a02fad00eff022bab1605e9439d9a9184d189718bb3d069ef4663cea98cdaf21", "a083b45ed00f608d692f549407783675ca0b3b2abd862dc03f6d42a9fcdf60e0", "a6ec7d5e814683f8a76a5b0923fbc8c08fdaea50eb103d868c54425a371290fc", "a72ee33b902f2b4580b2d90d75a84af1ff702b692942a757b5ed7832a5bf9f1c", "aa3bc0f99a1afe27cb7185ca56c882c9eddf1ea74e41424e6639114b54e94eb9", "ac89f800560b9804feba34ee39a9448c5cf4be46c79477ca483bac32c2d42b90", "b4e1dd1006a42f554177454cdb1b877223e74680870dab436581772d38f063b8", "baa74f16c763682523cab7565d3ca042df6121083c7610031a01e2a2a14ca68a", "bbef36b67a454c64ede45dbec7f3608e6bbdffb08ccd567d72ee900e827d698e", "bf2b21a2a2c5608c17aa673a34aec5d6e69058912cc9f7c4a1b12bea7a2cdc11", "c2ab8d3553aef6ee31ad31250e7ec40d2abaa882fc61f3f4a7038da754695ed1", "c479a883c21a9ebba855a6d105c4cf76a105a45b41e140226fe262c3383ba0a9", "c4d4afe8c88a474e5dd0145ea225f07d5030f350a3bbb783b93e10d14690fb1b", "c4e2a763bbfbffcc610c13c76d84b2e7df9ebdf34f482b834ef53d368dc39c17", "c8d47b0400bed03fca564f6645e47f7868ccf8a9eb6b621b04eabad144c37af7", "cbea086dcd1d02579abf7b3b1aadce0bb3814cee00ecdcea5d1bea7dbf283011", "cc764206d5776c1f5c09fb2d0e78939f40fabbdbf64ab03cf13d82d791e490ee", "ce5d8279ed289bdb7b7e731be2b448dcff8b84b1318a92cae307f75ae2ff7d0f", "cef5b3dea88083d7f9b2bdb5f5a032acfaafd29bdaf165b28aab6720870e6c72", "e18e80a86fe565376d2647755e492a6561479e80ad40711f19eb2a3106f7e295", "e99065b3ea86facbf111a031595177c4eb642b7eef615c4055bfe8736b0876b3", "ef02709dba375d57de973072a8a49bcd3bab4e8fa17c668f5072cf72c88aecae", "f813e73d71f8ce6db8eedb2778faa1b49d277853e54f84af1c55242e3c1f98ba", "f8cd859d21721ba6da7309479f0678140f6d61ee7b64fca71f877c4218e2a92e", "fbba35a28f3f9ae16a41a4b42af2a0b86db73e165ae40a138ffaaf4432cabd3e", "fc533bea83a28e1448e3be8a441ff96cd1652f7e036b274b88eb4aef533d956a", "fe39bd205931a5058995598d08e6157d09b101326ac222ed570f926c51268ca5"], "path": "%APPDATA%\\EEFEB657\\bin.exe"}], "ip": [{"hashes": ["0a72c56814a288218c9346115935828be03e870fa858a721f738af4dab311205", "0ce401aa748f86238016408aa5c7b082a83499a2cbf2d5a1370b3bef8b983be1", "1266c2bccc5fa61af8b611d3c7f210b11fed7d22dbb24305bf6003b1891399fe", "12ef657ff31b48b90fbb20b212643f7aa62b66dae80cd19feed7356089f18451", "1a0d6dda8e405f9342fadc87a1a6b395250bfcf910f5e2e4cfba806de2b58eee", "1b3ddf7b2a71290a0a86e974a323dde16999e7eaa2be2b8cd63c066a7ba6a052", "1fa747673986b53ed65fa0a6b39a024ef02191966184a6fd8844e742fdbc3d58", "22b172ead1618e0c49a6d94c4da6c7ba1d401549276bc3a7f3d78c18909e6793", "43aee0e0761a3e90aa35d3401634397be8d1691d88ed2bdaaf2f60c915de53e2", "467e66e8fc95c740cc3beee432d6a5e85bc533aa6dd609865376dacf0a0ef6e7", "484f52c4598eddc67147f8558c9bf9701d1c4d2f5bcc1b619a43422863d1e8ce", "48624a37bd7f3faacc3d56c106a40189c413dc4ec4407c00a1034578cfb6a9b3", "4a3a67a893cf7e49a5aef587d840867589841e93ae7f418019d6f94daba58c47", "4be937805ca42ff4d83082b3fed3cd5d161560cb46ce4a34f95f2d22ac2d64ad", "502e49c81ff5632f246e94996d697b21b220bb378830484ce89c841fbf324352", "5224b2df070394d3d269577a8f54e3704c1ccd6ce9a313a795bab3b01855e695", "55649f4cca69eae74bcbe146d1d38dbeafc76c7b3df1b524bdcf167fe695c8cc", "55e9c0d543e89f7307bb5b1f4cb7bfb451ea4834b2f6a0d23589f17d19ced858", "59d6c8f9f7f7bc2f7fc6fc976d9655cbdb914f8e88d19d8a5bbbe60570825a84", "5f371fee49e62fdd78623977e683acddacd1f03310786026f33b239582e665f9", "69cf710e7adce7031168d0fe8c946d7fd790b6e005de3e44b2a7d027e069dc4b", "69f942844a36a4b993fc919237a6aacc780ea95ff3ad1458e9a32f6fdd2186c7", "715cfcab33c638dee5e7ca7e07739f202716a25ae4d9801250b12611e0b0210c", "72815aae48b75e746842530ba3ad236e5e31d2b2fbc5b4c6939562307e68a995", "74e955ce1d18be739ac0292e506146820140ba5e40cc15cfc142fdb40553174b", "7c86757a39a266c2929fc8b9d484a6de93fe15709bb7bf9733f35bb4a559bedd", "7d7b9b1374e73b3248163f41c327771438dca2c3cc919f698c3ec5ffa979d6b9", "80ff2368eb810e159d4195e191d6ce6fa909c9b1a3b37eb1d1a07eecdbbcf544", "8d04ab827e046e180b45d5303b11e5068ba8d84f848dda59c544026864a73d13", "8edfe31a807fd8ec2c726dd17857d8ce43cb7dff879cd5fa7b0b50d64e3aac59", "982d5666dc937abeb1dd8151053a3455396211ae3917d5b613fdbf03866792e9", "9882f520512868fa1990d6230b8af3fad3bbd484ae2c174fd9f7d4ee0f5e512f", "9912a80bedd75de63fefe6b05ebccd885314c125701cc65e640a788b50f47b15", "9e8d4e427567c06c20b5f7385d5becfe562ae251a8b00d92fc2a7189bc27070e", "9fe7d5534586ea0e30e8696691b21135ba91d754940de142c33f88f32070056c", "a02fad00eff022bab1605e9439d9a9184d189718bb3d069ef4663cea98cdaf21", "a083b45ed00f608d692f549407783675ca0b3b2abd862dc03f6d42a9fcdf60e0", "a6ec7d5e814683f8a76a5b0923fbc8c08fdaea50eb103d868c54425a371290fc", "a72ee33b902f2b4580b2d90d75a84af1ff702b692942a757b5ed7832a5bf9f1c", "ac89f800560b9804feba34ee39a9448c5cf4be46c79477ca483bac32c2d42b90", "b4e1dd1006a42f554177454cdb1b877223e74680870dab436581772d38f063b8", "bbef36b67a454c64ede45dbec7f3608e6bbdffb08ccd567d72ee900e827d698e", "c2ab8d3553aef6ee31ad31250e7ec40d2abaa882fc61f3f4a7038da754695ed1", "c479a883c21a9ebba855a6d105c4cf76a105a45b41e140226fe262c3383ba0a9", "c4e2a763bbfbffcc610c13c76d84b2e7df9ebdf34f482b834ef53d368dc39c17", "cc764206d5776c1f5c09fb2d0e78939f40fabbdbf64ab03cf13d82d791e490ee", "ce5d8279ed289bdb7b7e731be2b448dcff8b84b1318a92cae307f75ae2ff7d0f", "cef5b3dea88083d7f9b2bdb5f5a032acfaafd29bdaf165b28aab6720870e6c72", "dc7c72e0db964bb4ecc0d142457872b1ff05bad8db75e9c7bdc198d12b25f95b", "f29e7b837000bd7217d662ef9fcafa1696140aa063aecf01856d571f1b3371a1", "f8381bfcd3c78823c1687918ed42356c48cf9f649059c2e057c2ceedd9e93f78", "f8cd859d21721ba6da7309479f0678140f6d61ee7b64fca71f877c4218e2a92e", "fbba35a28f3f9ae16a41a4b42af2a0b86db73e165ae40a138ffaaf4432cabd3e", "fe39bd205931a5058995598d08e6157d09b101326ac222ed570f926c51268ca5"], "ip": "216[.]218[.]185[.]162"}], "mutex": [{"hashes": ["027ecc7f1e2d38d420486e9e0fe9d50bdceb8b50512258a922e69f55e0c18ec7", "0a72c56814a288218c9346115935828be03e870fa858a721f738af4dab311205", "0a9fd449b13193c771c2d401dd6538cab6dbb2c37e0573b05cc72802b90687cf", "0b1fa36c3ae5bdb7c52c40e08566cceac37965265e5b2552fdf121add431ce45", "0ce401aa748f86238016408aa5c7b082a83499a2cbf2d5a1370b3bef8b983be1", "1266c2bccc5fa61af8b611d3c7f210b11fed7d22dbb24305bf6003b1891399fe", "12ef657ff31b48b90fbb20b212643f7aa62b66dae80cd19feed7356089f18451", "149e17e85475bf4f6b4be6c0f1924e8554ec982f949fcb833c8c6bc3a7673669", "1a0d6dda8e405f9342fadc87a1a6b395250bfcf910f5e2e4cfba806de2b58eee", "1b3ddf7b2a71290a0a86e974a323dde16999e7eaa2be2b8cd63c066a7ba6a052", "1fa747673986b53ed65fa0a6b39a024ef02191966184a6fd8844e742fdbc3d58", "22b172ead1618e0c49a6d94c4da6c7ba1d401549276bc3a7f3d78c18909e6793", "2b9b82e7ee0d8661b2268f83a010e8379e28930cc7f9f224d06fcd37b48f566d", "2ba984bf6a2e039225b78faf309d087db56a6a2eac5efc73f5f20ff941c58442", "2c33aa852da4527f49dae1e6bb1940b4c7cd2c814da0a90ab8a2a5de5fee6726", "2c594bcf891b90e24c8bd445d5ddbe9cb50f5d101d559d564ab8246535d2af53", "306774877254b8ca51a2bf446834cc34126ac56ebaf9d935442c25e533485fc1", "38efe6d2c2e264e83d54cebc4bb14766c344741e39b510b027882d1ef2bbb798", "43aee0e0761a3e90aa35d3401634397be8d1691d88ed2bdaaf2f60c915de53e2", "467e66e8fc95c740cc3beee432d6a5e85bc533aa6dd609865376dacf0a0ef6e7", "47bc6db08ad7826b5a68644d6f013405e4e6842525b8a4d05a2abdabfd735fc4", "484f52c4598eddc67147f8558c9bf9701d1c4d2f5bcc1b619a43422863d1e8ce", "48624a37bd7f3faacc3d56c106a40189c413dc4ec4407c00a1034578cfb6a9b3", "4a3a67a893cf7e49a5aef587d840867589841e93ae7f418019d6f94daba58c47", "4bd1deaa13a4a9cef75f84dba895645a24ac7f4b4bd69d22ea5800a3c682cc54", "4be937805ca42ff4d83082b3fed3cd5d161560cb46ce4a34f95f2d22ac2d64ad", "502e49c81ff5632f246e94996d697b21b220bb378830484ce89c841fbf324352", "5224b2df070394d3d269577a8f54e3704c1ccd6ce9a313a795bab3b01855e695", "549c94c8af011fd6ac9bf97e11126a4cd4aab92bbdea88c9f1bf115d61f43163", "55649f4cca69eae74bcbe146d1d38dbeafc76c7b3df1b524bdcf167fe695c8cc", "556a1b44f001eacf5bc57fe93406b716c69ea88e93cc95ef0720b84ea31a309f", "55e9c0d543e89f7307bb5b1f4cb7bfb451ea4834b2f6a0d23589f17d19ced858", "59d6c8f9f7f7bc2f7fc6fc976d9655cbdb914f8e88d19d8a5bbbe60570825a84", "5f371fee49e62fdd78623977e683acddacd1f03310786026f33b239582e665f9", "65f601b9a313d9a2c7f4739fe0e34819c3a86e6cc69e957e334b31bb8b234879", "69cf710e7adce7031168d0fe8c946d7fd790b6e005de3e44b2a7d027e069dc4b", "69f942844a36a4b993fc919237a6aacc780ea95ff3ad1458e9a32f6fdd2186c7", "6cda3c4af4b4fe807ea22369a85ef51c136f63941224380176096bbbcf8b75d9", "6e9350ed765b9eaff1f0088f31bc523b9dd15456e2870601865efa91ea11201e", "715cfcab33c638dee5e7ca7e07739f202716a25ae4d9801250b12611e0b0210c", "72815aae48b75e746842530ba3ad236e5e31d2b2fbc5b4c6939562307e68a995", "74e955ce1d18be739ac0292e506146820140ba5e40cc15cfc142fdb40553174b", "7afa60ef491139ab5ed96a453c4773246d22c200db9801999b6bbe36eaaa967f", "7b02cc21708f7c86efac90b8c01ea6d81d3acf49c585716e9fee874ce5c3dfbc", "7c86757a39a266c2929fc8b9d484a6de93fe15709bb7bf9733f35bb4a559bedd", "7d7b9b1374e73b3248163f41c327771438dca2c3cc919f698c3ec5ffa979d6b9", "80ff2368eb810e159d4195e191d6ce6fa909c9b1a3b37eb1d1a07eecdbbcf544", "8ad451f153b2b416f520efd59e2c8ed03be78ac38a8803f9ee6c1eb3d1d937ef", "8d04ab827e046e180b45d5303b11e5068ba8d84f848dda59c544026864a73d13", "8edfe31a807fd8ec2c726dd17857d8ce43cb7dff879cd5fa7b0b50d64e3aac59", "901ba59f7d03ae7c50939ddfcecb9a3d4d729222399dfa7bb67629846ba3ae9e", "982d5666dc937abeb1dd8151053a3455396211ae3917d5b613fdbf03866792e9", "9882f520512868fa1990d6230b8af3fad3bbd484ae2c174fd9f7d4ee0f5e512f", "9912a80bedd75de63fefe6b05ebccd885314c125701cc65e640a788b50f47b15", "9e8d4e427567c06c20b5f7385d5becfe562ae251a8b00d92fc2a7189bc27070e", "9f3473b4da8246167e18241514b65233b4f9d2c11954c705437f1b2889a93ccc", "9fe7d5534586ea0e30e8696691b21135ba91d754940de142c33f88f32070056c", "a02fad00eff022bab1605e9439d9a9184d189718bb3d069ef4663cea98cdaf21", "a083b45ed00f608d692f549407783675ca0b3b2abd862dc03f6d42a9fcdf60e0", "a6ec7d5e814683f8a76a5b0923fbc8c08fdaea50eb103d868c54425a371290fc", "a72ee33b902f2b4580b2d90d75a84af1ff702b692942a757b5ed7832a5bf9f1c", "aa3bc0f99a1afe27cb7185ca56c882c9eddf1ea74e41424e6639114b54e94eb9", "ac89f800560b9804feba34ee39a9448c5cf4be46c79477ca483bac32c2d42b90", "b4e1dd1006a42f554177454cdb1b877223e74680870dab436581772d38f063b8", "baa74f16c763682523cab7565d3ca042df6121083c7610031a01e2a2a14ca68a", "bbef36b67a454c64ede45dbec7f3608e6bbdffb08ccd567d72ee900e827d698e", "bf2b21a2a2c5608c17aa673a34aec5d6e69058912cc9f7c4a1b12bea7a2cdc11", "c2ab8d3553aef6ee31ad31250e7ec40d2abaa882fc61f3f4a7038da754695ed1", "c479a883c21a9ebba855a6d105c4cf76a105a45b41e140226fe262c3383ba0a9", "c4d4afe8c88a474e5dd0145ea225f07d5030f350a3bbb783b93e10d14690fb1b", "c4e2a763bbfbffcc610c13c76d84b2e7df9ebdf34f482b834ef53d368dc39c17", "c8d47b0400bed03fca564f6645e47f7868ccf8a9eb6b621b04eabad144c37af7", "cbea086dcd1d02579abf7b3b1aadce0bb3814cee00ecdcea5d1bea7dbf283011", "cc764206d5776c1f5c09fb2d0e78939f40fabbdbf64ab03cf13d82d791e490ee", "ce5d8279ed289bdb7b7e731be2b448dcff8b84b1318a92cae307f75ae2ff7d0f", "cef5b3dea88083d7f9b2bdb5f5a032acfaafd29bdaf165b28aab6720870e6c72", "dc7c72e0db964bb4ecc0d142457872b1ff05bad8db75e9c7bdc198d12b25f95b", "e18e80a86fe565376d2647755e492a6561479e80ad40711f19eb2a3106f7e295", "e99065b3ea86facbf111a031595177c4eb642b7eef615c4055bfe8736b0876b3", "ef02709dba375d57de973072a8a49bcd3bab4e8fa17c668f5072cf72c88aecae", "f29e7b837000bd7217d662ef9fcafa1696140aa063aecf01856d571f1b3371a1", "f813e73d71f8ce6db8eedb2778faa1b49d277853e54f84af1c55242e3c1f98ba", "f8381bfcd3c78823c1687918ed42356c48cf9f649059c2e057c2ceedd9e93f78", "f8cd859d21721ba6da7309479f0678140f6d61ee7b64fca71f877c4218e2a92e", "fbba35a28f3f9ae16a41a4b42af2a0b86db73e165ae40a138ffaaf4432cabd3e", "fc533bea83a28e1448e3be8a441ff96cd1652f7e036b274b88eb4aef533d956a", "fe39bd205931a5058995598d08e6157d09b101326ac222ed570f926c51268ca5"], "name": "EEFEB657"}], "registry": [{"hashes": ["027ecc7f1e2d38d420486e9e0fe9d50bdceb8b50512258a922e69f55e0c18ec7", "0a72c56814a288218c9346115935828be03e870fa858a721f738af4dab311205", "0a9fd449b13193c771c2d401dd6538cab6dbb2c37e0573b05cc72802b90687cf", "0b1fa36c3ae5bdb7c52c40e08566cceac37965265e5b2552fdf121add431ce45", "0ce401aa748f86238016408aa5c7b082a83499a2cbf2d5a1370b3bef8b983be1", "1266c2bccc5fa61af8b611d3c7f210b11fed7d22dbb24305bf6003b1891399fe", "12ef657ff31b48b90fbb20b212643f7aa62b66dae80cd19feed7356089f18451", "149e17e85475bf4f6b4be6c0f1924e8554ec982f949fcb833c8c6bc3a7673669", "1a0d6dda8e405f9342fadc87a1a6b395250bfcf910f5e2e4cfba806de2b58eee", "1b3ddf7b2a71290a0a86e974a323dde16999e7eaa2be2b8cd63c066a7ba6a052", "1fa747673986b53ed65fa0a6b39a024ef02191966184a6fd8844e742fdbc3d58", "22b172ead1618e0c49a6d94c4da6c7ba1d401549276bc3a7f3d78c18909e6793", "2b9b82e7ee0d8661b2268f83a010e8379e28930cc7f9f224d06fcd37b48f566d", "2ba984bf6a2e039225b78faf309d087db56a6a2eac5efc73f5f20ff941c58442", "2c33aa852da4527f49dae1e6bb1940b4c7cd2c814da0a90ab8a2a5de5fee6726", "2c594bcf891b90e24c8bd445d5ddbe9cb50f5d101d559d564ab8246535d2af53", "306774877254b8ca51a2bf446834cc34126ac56ebaf9d935442c25e533485fc1", "38efe6d2c2e264e83d54cebc4bb14766c344741e39b510b027882d1ef2bbb798", "43aee0e0761a3e90aa35d3401634397be8d1691d88ed2bdaaf2f60c915de53e2", "47bc6db08ad7826b5a68644d6f013405e4e6842525b8a4d05a2abdabfd735fc4", "484f52c4598eddc67147f8558c9bf9701d1c4d2f5bcc1b619a43422863d1e8ce", "48624a37bd7f3faacc3d56c106a40189c413dc4ec4407c00a1034578cfb6a9b3", "4a3a67a893cf7e49a5aef587d840867589841e93ae7f418019d6f94daba58c47", "4bd1deaa13a4a9cef75f84dba895645a24ac7f4b4bd69d22ea5800a3c682cc54", "4be937805ca42ff4d83082b3fed3cd5d161560cb46ce4a34f95f2d22ac2d64ad", "502e49c81ff5632f246e94996d697b21b220bb378830484ce89c841fbf324352", "5224b2df070394d3d269577a8f54e3704c1ccd6ce9a313a795bab3b01855e695", "549c94c8af011fd6ac9bf97e11126a4cd4aab92bbdea88c9f1bf115d61f43163", "55649f4cca69eae74bcbe146d1d38dbeafc76c7b3df1b524bdcf167fe695c8cc", "556a1b44f001eacf5bc57fe93406b716c69ea88e93cc95ef0720b84ea31a309f", "55e9c0d543e89f7307bb5b1f4cb7bfb451ea4834b2f6a0d23589f17d19ced858", "59d6c8f9f7f7bc2f7fc6fc976d9655cbdb914f8e88d19d8a5bbbe60570825a84", "5f371fee49e62fdd78623977e683acddacd1f03310786026f33b239582e665f9", "65f601b9a313d9a2c7f4739fe0e34819c3a86e6cc69e957e334b31bb8b234879", "69cf710e7adce7031168d0fe8c946d7fd790b6e005de3e44b2a7d027e069dc4b", "69f942844a36a4b993fc919237a6aacc780ea95ff3ad1458e9a32f6fdd2186c7", "6cda3c4af4b4fe807ea22369a85ef51c136f63941224380176096bbbcf8b75d9", "6e9350ed765b9eaff1f0088f31bc523b9dd15456e2870601865efa91ea11201e", "715cfcab33c638dee5e7ca7e07739f202716a25ae4d9801250b12611e0b0210c", "72815aae48b75e746842530ba3ad236e5e31d2b2fbc5b4c6939562307e68a995", "74e955ce1d18be739ac0292e506146820140ba5e40cc15cfc142fdb40553174b", "7afa60ef491139ab5ed96a453c4773246d22c200db9801999b6bbe36eaaa967f", "7b02cc21708f7c86efac90b8c01ea6d81d3acf49c585716e9fee874ce5c3dfbc", "7c86757a39a266c2929fc8b9d484a6de93fe15709bb7bf9733f35bb4a559bedd", "7d7b9b1374e73b3248163f41c327771438dca2c3cc919f698c3ec5ffa979d6b9", "80ff2368eb810e159d4195e191d6ce6fa909c9b1a3b37eb1d1a07eecdbbcf544", "8ad451f153b2b416f520efd59e2c8ed03be78ac38a8803f9ee6c1eb3d1d937ef", "8d04ab827e046e180b45d5303b11e5068ba8d84f848dda59c544026864a73d13", "8edfe31a807fd8ec2c726dd17857d8ce43cb7dff879cd5fa7b0b50d64e3aac59", "901ba59f7d03ae7c50939ddfcecb9a3d4d729222399dfa7bb67629846ba3ae9e", "9882f520512868fa1990d6230b8af3fad3bbd484ae2c174fd9f7d4ee0f5e512f", "9912a80bedd75de63fefe6b05ebccd885314c125701cc65e640a788b50f47b15", "9e8d4e427567c06c20b5f7385d5becfe562ae251a8b00d92fc2a7189bc27070e", "9f3473b4da8246167e18241514b65233b4f9d2c11954c705437f1b2889a93ccc", "9fe7d5534586ea0e30e8696691b21135ba91d754940de142c33f88f32070056c", "a02fad00eff022bab1605e9439d9a9184d189718bb3d069ef4663cea98cdaf21", "a083b45ed00f608d692f549407783675ca0b3b2abd862dc03f6d42a9fcdf60e0", "a6ec7d5e814683f8a76a5b0923fbc8c08fdaea50eb103d868c54425a371290fc", "a72ee33b902f2b4580b2d90d75a84af1ff702b692942a757b5ed7832a5bf9f1c", "aa3bc0f99a1afe27cb7185ca56c882c9eddf1ea74e41424e6639114b54e94eb9", "ac89f800560b9804feba34ee39a9448c5cf4be46c79477ca483bac32c2d42b90", "b4e1dd1006a42f554177454cdb1b877223e74680870dab436581772d38f063b8", "baa74f16c763682523cab7565d3ca042df6121083c7610031a01e2a2a14ca68a", "bbef36b67a454c64ede45dbec7f3608e6bbdffb08ccd567d72ee900e827d698e", "bf2b21a2a2c5608c17aa673a34aec5d6e69058912cc9f7c4a1b12bea7a2cdc11", "c2ab8d3553aef6ee31ad31250e7ec40d2abaa882fc61f3f4a7038da754695ed1", "c479a883c21a9ebba855a6d105c4cf76a105a45b41e140226fe262c3383ba0a9", "c4d4afe8c88a474e5dd0145ea225f07d5030f350a3bbb783b93e10d14690fb1b", "c4e2a763bbfbffcc610c13c76d84b2e7df9ebdf34f482b834ef53d368dc39c17", "c8d47b0400bed03fca564f6645e47f7868ccf8a9eb6b621b04eabad144c37af7", "cbea086dcd1d02579abf7b3b1aadce0bb3814cee00ecdcea5d1bea7dbf283011", "cc764206d5776c1f5c09fb2d0e78939f40fabbdbf64ab03cf13d82d791e490ee", "ce5d8279ed289bdb7b7e731be2b448dcff8b84b1318a92cae307f75ae2ff7d0f", "cef5b3dea88083d7f9b2bdb5f5a032acfaafd29bdaf165b28aab6720870e6c72", "e18e80a86fe565376d2647755e492a6561479e80ad40711f19eb2a3106f7e295", "e99065b3ea86facbf111a031595177c4eb642b7eef615c4055bfe8736b0876b3", "ef02709dba375d57de973072a8a49bcd3bab4e8fa17c668f5072cf72c88aecae", "f813e73d71f8ce6db8eedb2778faa1b49d277853e54f84af1c55242e3c1f98ba", "f8cd859d21721ba6da7309479f0678140f6d61ee7b64fca71f877c4218e2a92e", "fbba35a28f3f9ae16a41a4b42af2a0b86db73e165ae40a138ffaaf4432cabd3e", "fc533bea83a28e1448e3be8a441ff96cd1652f7e036b274b88eb4aef533d956a", "fe39bd205931a5058995598d08e6157d09b101326ac222ed570f926c51268ca5"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "EEFEB657"}]}}, "Win.Virus.Expiro-7192043-0": {"category": "Virus", "coverage": {"AMP": true, "CWS": true, "Cloudlock": false, "Email Security": true, "Network Security": true, "Threat Grid": true, "Umbrella": true, "WSA": true}, "description": "Expiro is a known file infector and information stealer that hinders analysis with anti-debugging and anti-analysis tricks.", "hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "iocs": {"domain": [{"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "atw82ye63ymdp[.]com"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "xxsmtenwak[.]com"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "grbjgfprk[.]com"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "ydchosmhwljjrq[.]com"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "ygqqaluei[.]com"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "wwyreaohjbdyrajxif[.]com"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "bekvfkxfh[.]com"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "caosusubld[.]com"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "warylmiwgo[.]com"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "xomeommdilsq[.]com"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "host": "mdofetubarhorbvauf[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "gfaronvw[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "wstujheiancyv[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "kbivgyaakcntdet[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "dvwtcefqgfnixlrdb[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "yrkbpnnlxrxrbpett[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "oawvuycoy[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "citnngljfbhbqtlqlrn[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "bungetragecomedy9238[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "oeuwldhkrnvxg[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "kbodfwsbgfmoneuoj[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "wdgqvaya[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "ypwosgnjytynbqin[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "jlaabpmergjoflssyg[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "ausprcogpngdpkaf[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "wydvmjaantfg[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "pkjkgprlgtu[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "iutwddseukcdplwpslq[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "wiulqdhkoqmih[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "cxownbsefbc[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "fnvweaywlctnxsi[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "auqpdabknaty[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "lwqmgevnftflytvbgs[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "onaxjbfinflx[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "mudsaoojbjijj999[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "qoraprfuu[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "nvrnisdf[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "dnjvsqdkisxqtbyghsm[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "ghvcoagkccor[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "mpfyngouhnboktq[.]com"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "host": "xnvxmdujhycgicmgso[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "qislvfqqp[.]com"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "host": "fmsqakcxgr[.]com"}], "file": [{"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe"}, {"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "path": "%System32%\\alg.exe"}, {"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.log"}, {"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "path": "%SystemRoot%\\SysWOW64\\svchost.exe"}, {"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "path": "%System32%\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "path": "%SystemRoot%\\microsoft.net\\framework\\v2.0.50727\\<random, matching '[a-z]{8}'>.tmp"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "path": "%LOCALAPPDATA%\\bolpidti\\judcsgdy.exe"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "path": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\judcsgdy.exe"}, {"hashes": ["29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngen_service.lock"}, {"hashes": ["29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v2.0.50727\\ngenservicelock.dat"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "path": "%LOCALAPPDATA%\\bolpidti"}, {"hashes": ["29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe"}, {"hashes": ["29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\ngen_service.log"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "path": "\\TEMP\\ShMnr23"}, {"hashes": ["664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe"}, {"hashes": ["664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe"}, {"hashes": ["32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6"], "path": "%SystemRoot%\\SysWOW64\\cjnnhbik.tmp"}, {"hashes": ["f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "path": "%SystemRoot%\\SysWOW64\\hmdklpnd.tmp"}, {"hashes": ["0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b"], "path": "%SystemRoot%\\SysWOW64\\ghnjiafh.tmp"}, {"hashes": ["ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f"], "path": "%SystemRoot%\\SysWOW64\\nojnfemc.tmp"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "path": "\\TEMP\\emf"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "path": "\\TEMP\\J3OHIb3"}, {"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0"], "path": "%SystemRoot%\\SysWOW64\\ggaiaabg.tmp"}, {"hashes": ["664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "path": "%SystemRoot%\\SysWOW64\\elmmpkjb.tmp"}, {"hashes": ["664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v2.0.50727\\jjicllfe.tmp"}, {"hashes": ["664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\kdcmjhfd.tmp"}, {"hashes": ["664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "path": "%SystemRoot%\\Microsoft.NET\\Framework\\v4.0.30319\\mgpkbphq.tmp"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "path": "\\TEMP\\V6HxmY3"}, {"hashes": ["63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544"], "path": "%SystemRoot%\\SysWOW64\\jcdknpqc.tmp"}, {"hashes": ["63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544"], "path": "%SystemRoot%\\microsoft.net\\framework64\\v2.0.50727\\lnnbedge.tmp"}, {"hashes": ["29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c"], "path": "%SystemRoot%\\SysWOW64\\pemqadiq.tmp"}, {"hashes": ["29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c"], "path": "%SystemRoot%\\Microsoft.NET\\Framework64\\v2.0.50727\\hpfjkhqg.tmp"}], "ip": [{"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "ip": "172[.]217[.]10[.]110"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "ip": "87[.]106[.]190[.]153"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82"], "ip": "18[.]213[.]250[.]117"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "ip": "91[.]195[.]240[.]126"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "ip": "208[.]100[.]26[.]251"}, {"hashes": ["d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e"], "ip": "18[.]215[.]128[.]143"}, {"hashes": ["f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "ip": "46[.]165[.]220[.]145"}, {"hashes": ["36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac"], "ip": "46[.]165[.]254[.]198"}], "mutex": [{"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "name": "SetupLauncher"}, {"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "name": "Global\\<random guid>"}, {"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "name": "gazavat-svc"}, {"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "name": "kkq-vx_mtx<number, matching [0-9]{1,2}>"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "name": "{7930D12C-1D38-EB63-89CF-4C8161B79ED4}"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "name": "{79345B6A-421F-2958-EA08-07396ADB9E27}"}], "registry": [{"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Type"}, {"hashes": ["08c199483a9569dbe74565c65ab0dfe038338ffe0c37061316a3a45116a9adb0", "0b75593bf5cec1a4e6beecce8927ba895307c03d22387611fb6ced7805c2fa7b", "29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "32ed07783188242c60837a208a6ebab9e37fa69fb69da9b28629c3e3971ccfa6", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a", "ea5a419cb19fc22c11d3751f0560f049631571b99c33d37482ddbca1ee4e3d6f", "f2fffb85b3e49c138128ef141b69a49fd09e3c7362ed8beed43dc6c46deadbcb"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_32", "value_name": "Start"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusOverride"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "AntiVirusDisableNotify"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallDisableNotify"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "FirewallOverride"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UpdatesDisableNotify"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\SECURITY CENTER", "value_name": "UacDisableNotify"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\POLICIES\\SYSTEM", "value_name": "EnableLUA"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "EnableFirewall"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DoNotAllowExceptions"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\SHAREDACCESS\\PARAMETERS\\FIREWALLPOLICY\\STANDARDPROFILE", "value_name": "DisableNotifications"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WSCSVC", "value_name": "Start"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WINDEFEND", "value_name": "Start"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\MPSSVC", "value_name": "Start"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION", "value_name": "jfghdug_ooetvtgk"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKCU>\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "JudCsgdy"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\WUAUSERV", "value_name": "Start"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN", "value_name": "Windows Defender"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}, {"hashes": ["293263135eb196a8027f6aea0f74038d60b848103f09db6d39e55b763d6bf26a", "36e5bd8e4a5c7758dd28acda1ad479bfbfb268ca1c5339b4e9953daea48392ac", "c075f037fea0578197e56a520708152779a9332195b96a52bac64ff10a914d82", "d28f2744b436cb2816ee6a63a44e2cfd4f952483b65c026ea8b4f384cc6b7e5e", "f5fec4cf85c3e2c936455b0f0ec8a6cbbb138dfa5e31db4920037f9baf46ab65"], "key": "<HKLM>\\SOFTWARE\\WOW6432NODE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINLOGON", "value_name": "Userinit"}, {"hashes": ["29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Type"}, {"hashes": ["29ec1dfc85cfed46ccf8a53ca2e9f207cb126f6cec92a3b829ae61590bea1b1c", "63530b594d1605211d405951823a3f5ac249660aa0ca542cb00247652dc3b544", "664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V2.0.50727_64", "value_name": "Start"}, {"hashes": ["664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Type"}, {"hashes": ["664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_32", "value_name": "Start"}, {"hashes": ["664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Type"}, {"hashes": ["664bd013762c59a6f0b0c8fbd7dbed06f971d2dfbc2921e10faf8b5e8aba2e8a"], "key": "<HKLM>\\SYSTEM\\CONTROLSET001\\SERVICES\\CLR_OPTIMIZATION_V4.0.30319_64", "value_name": "Start"}]}}, "exprev": [{"count": 12639, "description": "An attempt to exploit CVE-2019-0708 has been detected. The vulnerability, dubbed BlueKeep, is a heap memory corruption which can be triggered by sending a specially crafted Remote Desktop Protocol (RDP request). Since this vulnerability can be triggered without authentication and allows remote code execution, it can be used by worms to spread automatically without human interaction.", "name": "CVE-2019-0708 detected"}, {"count": 5242, "description": "A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.", "name": "Excessively long PowerShell command detected"}, {"count": 2444, "description": "Madshi is a code injection framework that uses process injection to start a new thread if other methods to start a thread within a process fail. This framework is used by a number of security solutions. It is also possible for malware to use this technique.", "name": "Madshi injection detected"}, {"count": 933, "description": "A process was injected into, most likely by an existing Kovter infection. Kovter is a click fraud Trojan that can also act as an information stealer. Kovter is also file-less malware meaning the malicious DLL is stored inside Windows registry and injected directly into memory using PowerShell. It can detect and report the usage of monitoring software such as wireshark and sandboxes to its C2. It spreads through malicious advertising and spam campaigns.", "name": "Kovter injection detected"}, {"count": 443, "description": "Process hollowing is a technique used by some programs to avoid static analysis. In typical usage, a process is started and its obfuscated or encrypted contents are unpacked into memory. The parent then manually sets up the first stages of launching a child process, but before launching it, the memory is cleared and filled in with the memory from the parent instead.", "name": "Process hollowing detected"}, {"count": 389, "description": "A process created a suspicious Atom, which is indicative of a known process injection technique called Atom Bombing. Atoms are Windows identifiers that associate a string with a 16-bit integer. These Atoms are accessible across processes when placed in the global Atom table. Malware exploits this by placing shell code as a global Atom, then accessing it through an Asynchronous Process Call (APC). A target process runs the APC function, which loads and runs the shellcode. The malware family Dridex is known to use Atom Bombing, but other threats may leverage it as well.", "name": "Atom Bombing code injection technique detected"}, {"count": 195, "description": "Gamarue is a family of malware that can download files and steal information from an infected system. Worm variants of the Gamarue family may spread by infecting USB drives or portable hard disks that have been plugged into a compromised system.", "name": "Gamarue malware detected"}, {"count": 186, "description": "DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. Adware has also been known to download and install malware.", "name": "Dealply adware detected"}, {"count": 174, "description": "Trickbot is a banking Trojan which appeared in late 2016. Due to the similarities between Trickbot and Dyre, it is suspected some of the individuals responsible for Dyre are now responsible for Trickbot. Trickbot has been rapidly evolving over the months since it has appeared. However, Trickbot is still missing some of the capabilities Dyre possessed. Its current modules include DLL injection, system information gathering, and email searching.", "name": "Trickbot malware detected"}, {"count": 116, "description": "Install core is an installer which bundles legitimate applications with offers for additional third-party applications that may be unwanted. The unwanted applications are often adware that display advertising in the form of popups or by injecting into browsers and adding or altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Installcore adware detected"}, {"count": 34, "description": "Emotet is a banking Trojan that first appeared in the summer of 2014. It uses Automatic Transfer System (ATS) to steal money from a victim's bank account. The Trojan is distributed through spam that includes a malicious attachment or a link that downloads the Trojan. Emotet uses modules, downloaded by the original Trojan to grab Microsoft Outlook information, modify HTTP/HTTPS traffic and distribute spam. Once executed, it checks for virtual machine processes and injects code into the \"Explorer.exe\" process. Then it reaches out to its command network to download its modules, each of which can be run without the original loader.", "name": "Emotet malware detected"}, {"count": 32, "description": "Fusion (or FusionPlayer) is an adware family that displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware is known to sometimes download and install malware.", "name": "Fusion adware detected"}, {"count": 30, "description": "Special Search Offer adware displays unwanted advertising in the form of popups or by injecting into browsers and altering advertisements on webpages. Adware has also been known to download and install malware.", "name": "Special Search Offer adware"}, {"count": 26, "description": "IcedID is a banking Trojan. It uses both web browser injection and browser redirection to steal banking and/or other financial credentials and data. The features and sophistication of IcedID demonstrate the malware author's knowledge and technical skill for this kind of fraud, and suggest the authors have previous experience creating banking Trojans. IcedID has been observed being installed by Emotet or Ursnif. Systems infected with IcedID should also be scanned for additional malware infections.", "name": "IcedID malware detected"}, {"count": 21, "description": "A site commonly used by fileless malware to download additional data has been detected. Several different families of malware have been observed using these sites to download additional stages to inject into other processes.", "name": "Possible fileless malware download"}, {"count": 18, "description": "An exploit payload intended to connect back to an attacker controlled host using tcp has been detected.", "name": "Reverse tcp payload detected"}, {"count": 18, "description": "Aggah dropper technique has been detected. The Aggah campaign has been observed dropping Azorult, LokiBot and other malware families. Aggah employs phishing and process hollowing to infect victim machines.", "name": "Aggah malware dropper detected"}, {"count": 14, "description": "A PowerShell command was stored in an environment variable and run. The environment variable is commonly set by a previously run script and is used as a means of evasion. This behavior is a known tactic of the Kovter and Poweliks malware families.", "name": "PowerShell file-less infection detected"}, {"count": 13, "description": "Corebot is a Trojan with many capabilities found in other prominent families. It features a plugin system to enable it to load a variety of features from the C&C server at any time. Known plugins include RAT capabilities such as taking desktop screenshots, as well as being able to intercept and modify browser communications and steal data, especially data related to banking.", "name": "Corebot malware detected"}], "info": {"origin": "Cisco Talos Intelligence Group", "publication_date": "2019-10-04T13:27:24+00:00", "version": "2.1", "warning": "As a reminder, the information provided for the following threatsin this post is non-exhaustive and current as of the date ofpublication. Additionally, please keep in mind that IOC searchingis only one part of threat hunting. Spotting a single IOC does notnecessarily indicate maliciousness. Detection and coverage for thefollowing threats is subject to updates, pending additional threator vulnerability analysis. For the most current information, pleaserefer to your Firepower Management Center, Snort.org, or ClamAV.net."}, "signatures": ["Win.Malware.Zusy-7191579-1", "Win.Malware.Osiris-7191711-1", "Win.Dropper.Cerber-7192026-0", "Win.Virus.Expiro-7192043-0", "Win.Malware.Neurevt-7192122-0", "Doc.Dropper.Emotet-7181950-0"]}